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Enterasys  a  growth 
company,  CEO  says 


SPECIAL  FOCUS 

IT  groups 
eschew  BYOD 

Workers  to  carry  company-owned  tablets 


BY  JOHN  COX 


nterasys  has  a  storied  past, 

springing,  as  it  did,  from  the  loins 
of  Cabletron,  the  network  giant 
I  whose  revenues  once  surpassed 
$1  billion,  but  then  falling  into  disarray 
in  the  early  2000s.  Enterasys  today  is  a 
fast-growing  private  company  and  part  of 
a  joint  venture  with  Siemens 
Enterprise  Communica¬ 
tions,  giving  it  added  depth 
and  reach.  Network  World 
Editor  in  Chief  John  Dix 
recently  caught  up  with 
company  President  and 
CEO  Chris  Crowell  to  learn 
more  about  what  Enterasys  CHR(S 
is  up  to  and  where  it  fits  in.  crowell 


You've  been  involved  in  this  company  in 
many  capacities  over  many  years,  even 
heading  IT  at  one  point  if  I  read  it  right. 

I  started  at  Cabletron  in  ’92  to  work  on  their  manage¬ 
ment  platform.  When  Cabletron  split  the  company 
into  four  parts  in  2000, 1  was  running  all  technical 
parts  of  Spectrum  —  I  was  CTO,  I  was  head  of  IT 
for  Spectrum,  everything  technical  was  under  me 
-  and  Spectrum  became  Aprisma  after  the  reorga¬ 
nization.  As  a  subsidiary  we  stayed  with  Enterasys 
for  two  years  and  then  we  were  sold  to  The  Gores 
Group,  which  is  a  private  equity  firm,  then  The  Gores 
Group  sold  us  to  Concord  Communications,  and  then 

►  Sec  Enterasys,  page  14 


AFTER  SEVERAL  years  of  struggling  to  accommodate  personally  owned 
smartphones,  many  corporate  IT  groups  are  taking  the  opposite  tack  with 
tablets:  They’re  issuing  corporate-owned  iPads  and  Android  devices.  And 
partly  as  a  result,  some  are  seeing  a  jump  in  costs  for  mobile  end  user  sup¬ 
port,  a  need  for  redesigned  custom  applications,  and  a  requirement  for  better 
device  administration. 

For  this  latest  installment  in  “Tablets  Go  Corporate,”  we  revisited 
three  companies  we  covered  in  December  2011  —  Bayada 
Home  Health  Care,  Hawthorn  Pharmaceuti¬ 
cals  and  The  Ottawa  Hospital  — 
along  with  a  new  one: 

►  See  BYOD, page  16 


Smarter  technology  for  a  Smarter  Planet: 

How  3.8  million  tailored  messages 
made  sales  numbers  look  fantastic,  too. 

Japanese  fashion  retailer  Start  Today  took  an  IBM  smarter  commerce  approach  to  their  business,  helping  increase 
annual  sales  on  their  Zozotown  Web  site  by  54.2%.  Their  customer-centric  focus  uses  Netezza®  and  Unica®  to  rapidly 
analyze  massive  amounts  of  data,  letting  them  create  personalized  messages  for  each  of  their  3.8  million  customers. 
Results?  The  solution  helped  increase  the  e-mail  open  rate  by  five  times  and  the  conversion  rate  by  nearly  1,000%. 
Smarter  commerce  is  built  on  smarter  software,  systems  and  services. 
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FROM  THE  EDITOR  JOHN  DIX 


6  Bits  Comments, 
Blogs  and  Online 


Appeals  decision 
slams  bank’s  security 

The  decision  by  the  United  States  Court  of 

Appeals  for  the  1st  Circuit  to  overturn  a  lower  court 
ruling  that  let  a  bank  off  the  hook  for  losses  incurred 
by  a  hacked  customer  has 
implications  for  both  finan¬ 
cial  institutions  (they  need  to 
do  more)  and  their  business 
customers  (who  typically  lack  legal  protection 
from  fraud  that  consumers  enjoy). 

While  a  lower  court  had  granted  Ocean  Bank  in  Maine 
a  summary  judgment,  saying  it  was  not  responsible  for 
$345,000  that  its  customer  Patco  Construction  lost  in 
illegal  bank  transfers  in  2009,  the  appeals  court  just  reversed  that  judgment,  say¬ 
ing  the  bank’s  security  system  was  not  “commercially  reasonable,”  meaning  Patco 
may  indeed  be  able  to  go  after  the  bank  for  some  of  the  losses. 

Time  will  tell  what  happens  next,  but  the  case  is  instructive.  First,  the  details  in  a 
nutshell  (you  can  read  the  whole  decision  at  tinyurl.com/7rcbxnh). 

Patco  made  weekly  electronic  funds  transfers  from  the  bank  for  payroll,  always 
from  a  static  IP  address  from  computers  at  the  company’s  offices  in  Sanford, 

Maine.  The  highest  payment  was  always  less  than  $40,000. 

The  bank,  according  to  court  records,  had  a  system  that  created  a  risk  profile 
for  each  customer  based  on  “the  location  from  which  a  user  logged  in . . .  how  often 
a  user  logged  in . . .  and  the  size,  type,  and  frequency  of  payment  order  normally 
issued.”  Transactions  generating  risk  scores  over  750,  on  a  range  of  0  to  1,000, 
were  considered  high  risk. 

Beginning  in  May  2009,  a  hacker,  logging  in  from  an  unrecognized  device,  from  a 
different  IP  address  at  a  different  location,  supplied  the  proper  credentials  of  a  Patco 
employee,  including  ID,  password  and  the  answer  to  three  challenge  questions,  and 
started  routing  Patco  money  to  a  number  of  new  accounts.  The  first  transaction  was 
for  $56,594  and  subsequent  transfers  jumped  up  to  $90,000  and  more. 

“The  risk-scoring  engine  generated  a  risk  score  of 790  for  the  [first]  transaction, 
a  significant  departure  from  Patco’s  usual  risk  scores,  which  generally  ranged 
from  10  to  214.”  But  the  bank  wasn’t  monitoring  the  risk-scoring  reports,  the  court 
says,  and  Patco  wasn’t  set  up  to  receive  email  alerts,  a  lose-lose  scenario. 

That,  combined  with  the  fact  the  bank  had  reduced  the  dollar  level  at  which 
its  system  required  challenge  questions  from  $100,000  to  $1  to  snare  low-value 
fraud,  rendered  the  bank’s  system  not  commercially  reasonable  because  the 
change  meant  answers  were  shared  constantly,  vastly  increasing  the  chances  of 
malware  capturing  the  information  before  anti-malware  tools  could  snoop  out  the 
intrusion.  Traces  of  the  Zeus  worm  were  found  on  a  Patco  computer. 

The  key  take-aways:  For  banks,  having  sophisticated  systems  in  place  doesn’t  do 
you  any  good  if  you  don’t  make  the  associated  process  changes  to  capitalize  on  them; 
and  for  business  customers,  beware  that  banks  don’t  necessarily  cover  you  for  fraud, 
but  cases  like  this  might  begin  to  give  you  some  leverage. 
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BYOD:  'Right'  or  'privilege'? 

©  AS  A  FORMER  20-something,  I  fondly 
remember  how  right  I  thought  I  was 
about  everything  in  my  job,  and  how 
many  “rights”  I  had  that  “the  man”  did 
not  recognize.  As  a  current  40-some¬ 
thing,  I  now  realize  what  an  idiot  I  was  as 
a  20-something  (Re:  “Young  employees 
say  BYOD  a  ‘right’  not  ‘privilege’”;  tinyurl. 
com/82rznkv). 

People  who  think  that  BYOD  and 
managing  their  own  security  is  a  “right” 
are  just  as  wrong  as  the  people  who  think 
BYOD  has  no  place  in  the  enterprise  and 
that  everything  must  be  locked  down 
with  military-grade  security. 

But  even  though  the  survey  respon¬ 
dents  are  apparently  misguided  en  masse, 
don’t  let  that  distract  you  from  the  point 
of  the  article:  This  is  the  mentality  of  the 
younger  parts  of  the 
workforce,  who  have 
never  known  a  day 
without  social  media, 
texting  or  whatever. 

And  for  IT  profession¬ 
als,  managing  that 
mindset  is  our  chal¬ 
lenge,  and  we  cannot 
ignore  that  challenge 
(unless  you  intend  to 
revise  your  IT  hiring 
strategy  to  “under  35 
need  not  apply”!) 

Michael  Carmack 


Top  schools  and 
getting  to  the  top 

©FRANKLY,  THIS  IS  preposterous.  How 
old  are  those  execs  with  degrees?  The 
world  has  changed  a  lot  in  the  past  decade 
and  the  effects  of  those  changes  are  still 
shaking  out  (Re:  “Why  Mark  Zucker- 
berg  is  a  bad  role  model  for  aspiring  tech 
execs”;  page  10). 

Having  myself  hired  for  advanced 
technical  over  the  past  10  years,  I  can 
most  certainly  tell  you  that  degrees  are 
proof  of  nothing  at  all.  I  used  to  believe 
that  they  were  a  clear  indicator  of,  at 
least,  a  modicum  of  discipline.  That  has 
turned  out  to  be  an  errant  assumption.  In 
fact,  the  entitlement  attitude  that  is  often 
fostered  by  the  college  environment,  has 
filled  the  technology  and  legal  fields  with 
under-qualified  candidates  who  feel 
themselves  too  good  to  start  in  associate- 
level  positions. 


The  most  troubling  thing  here  is  that 
you’re  using  a  single  flat  metric  (number 
of  CEOs  with  degrees)  to  establish  a 
causal  link.  You  didn’t  even  bother  pay  lip 
service  to  control  of  variables  associated 
therewith  (age,  gender,  geolocation,  etc). 

JoshRestivo 

©  ACTUALLY,  I  THINK  that  this  survey 
pretty  much  tells  us  that  the  particular 
school  is  not  that  important.  The  No.  1 
school  only  had  5  out  of  81.  Percent¬ 
agewise  that  is  not  significant  (Re:  “10 
top  colleges  for  tech  CEOs”;  tinyurl. 
com/8yqyd6a). 

The  story  here  is  go  to  a  school  where 
you  will  learn  what  you  need  and  then 
work  hard. 

Richard  Allen  King 


©  I’M  SORRY,  BUT  asa 

student  at  one  of  those 
top  schools  I  have  to 
disagree.  Strongly  (Re: 
“Tiger  Mom  was  right 
about  techie  teens”; 
tinyurl.com/7gmvxg5). 

OK,  there’s  data  that 
shows  going  to  a  top 
school  is  a  predictor  for 
becoming  a  tech  CEO 
later  in  life  (which  may 
or  may  not  have  any¬ 
thing  to  do  with  being  a 
“techie  teen,”  since  CEO 
is  business  side). 

However,  I’m 
disappointed  by  the 
unsupported  claim  that  this  “requires 
the  kind  of  extreme  parenting  advocated 
by  Amy  Chua.”  No.  It  doesn’t.  Indeed,  on 
the  rare  occasions  that  I’ve  heard  about 
Chua-level  ridiculousness,  it’s  prompted 
me  to  remind  my  parents  that  I  love  them 
and  am  incredibly  grateful  for  the  way 
they  raised  me. 

More  importantly,  the  article  provides 
absolutely  zero  evidence  to  back  up 
the  claim.  I  would  love  to  see  data  on 
parenting  style  as  a  predictor  of  getting 
into  a  top  college  —  I  suspect  there  may 
well  be  some  correlation  —  but  that’s  not 
what  this  article  is  about,  and  pretending 
otherwise  could  be  damaging  to  the  hap¬ 
piness  of  prospective  students  and  their 
families,  as  well  as  the  way  that  these 
schools  and  their  students  are  viewed. 

traimangcut 


Having  hired 
for  advanced 
technical  over  the 
past  10  years, 

I  can  tell  you 
that  degrees  are 
proof  of  nothing. 
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One  huge 
security  breach 
down,  another 
emerges:  Yahoo 


THE  DUST  IS  just  settling  around  the  massive  eHarmony 
website  data  breach,  in  which  more  than  1.5  million  eHarmony 
password  hashes  were  stolen  and  later  dumped  online  by  the 
hacker  gang  called  Doomsday  Preppers.  And  what  do  you  know, 
now  Yahoo  has  been  victimized  by  a  similarly  devastating  attack 
in  which  it  appears  more  than  453,000  Yahoo  user  login  creden¬ 
tials  have  been  exposed  after  claims  by  a  hacker  group  calling 
itself  D33D  Company  that  it  broke  into  a  Yahoo  server,  stole  the 
credentials  and  dumped  them.  Some  expressed  shock  -  that 
Yahoo  still  had  that  many  users  with  login  credentials. 
tinyurl.com/7mkxpf8 
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Wi-Fi  Direct: 

Don't  forget  us! 

THE  WI-FI  Direct  standard 
may  get  a  much-needed  boost 
next  year  from  work  by  the 
Wi-Fi  Alliance  to  make  it  easier 
to  use  for  both  consumers  and 
developers.  The  specification 
for  peer-to-peer  links  among 
devices  debuted  in  2010  and 
has  been  delivered  in  some 
products,  including  the  Sam¬ 
sung  Galaxy  S  III  smartphone, 
but  it  has  yet  to  become  a  major 
platform  for  new  uses  of  Wi-Fi 
across  a  wide  range  of  devices. 
The  alliance’s  Wi-Fi  Direct 
Services  task  group,  formed 
last  month,  plans  to  develop 
new  software  mechanisms  to 
help  devices  and  applications 
determine  how  they  can  work 
together,  Wi-Fi  Alliance  Execu¬ 
tive  Director  Edgar  Figueroa 


said  in  an  interview  last  week. 
Those  efforts  are  on  a  fast  track 
and  should  be  completed  within 
12  to  18  months,  he  said.  The 
Alliance  is  working  on  ways 
for  devices  to  advertise  their 
capabilities  to  each  other  and 
tell  the  user  what  they  can  do. 
With  this  approach,  “The  con¬ 
nection  doesn’t  come  first,  the 
application  discovery  comes 
first,”  Figueroa  said,  tinyurl. 
com/87t8j4m 

If  loans  sound  too 
good  to  be  true... 

A  CRIME  ring  using  fake 
websites  and  online  ads  to  lure 
thousands  of  victims  into  their 
loan-fraud  scheme  that  robbed 
them  of  millions  of  dollars 
has  been  disrupted  by  federal 
authorities.  A  federal  grand 


CONNECTING  TO  THE  CLOUD  FROM  CERN 


jury  in  Buffalo,  N.Y.,  last  week 
returned  a  62-count  indictment 
against  32  defendants  residing 
in  Michigan,  New  York  and 
Canada  accused  of  defrauding 
what  could  be  more  than  2,000 
victims  who  lost  $2.7  million  in 
a  loan-fraud  scheme  carried  out 
since  2005.  It  was  all  based  on 
fake  Internet  advertising  that 
often  mimicked  the  names  of 
actual  financial  firms  to  make  it 
seem  legitimate,  tinyurl.com/ 
cb86b3e 


BlackBerry  10 
in  2013:  Worth 
the  wait? 

RIM  CEO  Thorsten Heins, 
speaking  to  shareholders  last 
week,  revealed  that  the  recently 
delayed  BlackBerry  10  devices 
will  rely  heavily  on  improved 
BlackBerry  Messenger  social 
network  software  including 
advanced  video  chat.  But  will 
that  be  enough  to  keep  Black¬ 
Berry  shops  from  switching 
allegiances?  The  financially 
struggling  firm  has  taken  a  beat¬ 
ing  lately  by  industry  watchers 
for  its  decision  to  push  delivery 
of  its  next-generation  Black¬ 
Berry  smartphones  into  2013 
even  as  Apple  is  likely  gearing 
up  to  deliver  a  new  iPhone 
before  then,  tinyurl.com/ 
boa6oly 


Higgs  boson 
researchers' 
next  challenge: 
the  cloud 

HOW  DID  European  research¬ 
ers  working  on  the  Higgs 
boson  recently  make  one  of  the 
most  revolutionary  physics 
discoveries  in  recent  decades? 
From  an  IT  perspective,  they 
relied  on  a  good  old-fashioned 
grid  computing  infrastructure, 
though  a  new  cloud-based  one 
may  be  in  the  offing.  For  the  first 
couple  of  years  after  the  grid 
computing  infrastructure  was 
created,  it  handled  15  petabytes 
to  20  petabytes  of  data  annually. 
This  year,  CERN  is  on  track  to 
produce  up  to  30  petabytes  of 
data.  “There  was  no  way  CERN 
could  provide  all  that  on  our 
own,”  says  Ian  Bird,  CERN’s 
computing  grid  project  leader, 
and  that’s  where  cloud  comput¬ 
ing  could  come  in.  “But  at  this 
point,  we’re  just  not  sure  of  the 
costs  and  how  it  would  impact 
our  funding  structure.”  tinyurl. 
com/774dce8 

U.S.  presidential 
campaigns 
ready  for  mobile 
onslaught 

WEEKS  BEFORE  the  U.S. 
Republican  and  Democratic 
national  conventions  that  will 
anoint  each  party’s  nominee 
for  president,  special  equip¬ 
ment  to  boost  cellular  signals  in 
each  party’s  venues  is  already 
nearly  installed.  The  thousands 
of  participants  and  armies  of 
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BUILT  FOR 
THE  HUMAN 
NETWORK 


■  1 1 1  •  1 1 1 1 
CISCO. 


DELIVER  THE  BEST 
EXPERIENCE  ON  EVERY 
PHONE,  TABLET  AND  GADGET 

(EVEN  ONES  THAT  HAVEN’T 

BEEN  INVENTED  YET). 

Mobile  customers  get  savvier-and  more  demanding-every  day.  So  the 
network  has  never  mattered  more.  With  device  numbers  set  to  nearly  double 
in  four  years,  Cisco  is  helping  carriers  offer  better  plans,  more  services  and, 
always,  a  top-tier  experience.  The  Ciscot?'  Intelligent  Network  masters  any 
device,  anywhere,  anytime.  Regardless  of  operating  system,  communications 
standard,  apps  or  hardware.  Now,  offering  customers  more  is  an  easy  call. 

Use  the  device  of  your  choice  to  learn  more  at  cisco.com/go/yourway 


bits 


BAD  UGLY 


Geeks  unite  at 
Comic-Con  2012 


NOTHING  BRINGS  nerds 
together  like  the  prom¬ 
ise  of  seeing  the  origi¬ 
nal  Luke  Skywalker, 

Mark  Hamill,  in  a 
panel  discussion, 
or  dressing  up  in 
their  favorite  superhero 
costumes,  and  this  past 
weekend’s  Comic-Con  International  2012  in 
San  Diego  had  that  and  more.  More  than  140,000 
attendees  took  in  an  extended  weekend  full  of  the 
latest  on  comics,  action  figures,  anime,  TV  shows/ 
movies  and  more  at  the  annual  confab. 


SON 


reporters  that  will  flock  to 
both  events  are  expected 
to  produce  enough  calls, 
tweets,  videos  and  other 
mobile  traffic  to  bring  an 
average  cellular  network  to 
its  knees.  So  TE  Connectivity 
is  deploying  DASs  (distrib¬ 
uted  antenna  systems)  all 
around  the  facilities  where 
the  parties  will  meet,  tinyurl. 
com/7lu9bd6 


As  if  it  isn't  bad 
enough  PCs  can 
beat  you  at  chess 
and  checkers 


Deja  vu  for  Salesforce.com 
customers 


SALESFORCE.COM  SUFFERED  a  significant  service 
outage  on  Tuesday,  July  10,  less  than  two  weeks  after 
another  serious  set  of  system  problems.  The  cloud- 
based  customer  relationship  management  ven¬ 
dor’s  systems  are  divided  into  many  instances 
around  the  world,  each  serving  customers  in 
different  geographic  regions.  Seven  instances 
went  down  at  some  time  or  another  on  Tuesday, 
starting  with  NA1,  NA5  and  NA6  in  North  America, 
according  to  a  notice  posted  on  Salesforce.com’s  sys¬ 
tem  status  page.  Power  problems  might  have  been  to 
blame.  The  problems  suffered  in  June  were  caused  by 
a  fault  in  Salesforce.com’s  storage  tier. 


Google  Play  not  all 
fun  and  play 


AN  A I  system  that  can  watch 
two-minute  videos  of  some  sim¬ 
ple  board  games  being  played, 
learn  the  rules,  and  then  play 
against  human  opponents  has 
been  developed  by  Lukasz  Kai¬ 
ser,  a  researcher  at  Paris  Diderot 
University.  While  the  program 
is  still  unable  to  accuse  you  of 
cheating  and  leave  the  game  in  a 
huff,  the  level  of  sophistication 
displayed  by  Kaiser’s  invention 
is  nonetheless  highly  impressive. 
Even  more  impressive  is  the  fact 
that  Kaiser’s  first  tests  of  the  AI 
—  on  tic-tac-toe.  Connect  Four, 
Go-Moku,  Pawns  and  Break¬ 
through  —  were  conducted  on  a 
laptop  with  a  single-core  proces¬ 
sor  and  4GB  of  RAM.  tinyurl. 
com/6nyceer 


Microsoft 
Imagine  Cup 

Highlights  from  the 
10th  annual  Imagine 
Cup  in  Sydney,  which 
brought  together  350 
young  people  to  tackle 
social  issues. 
tinyurl.com/6vlu522 
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New  Windows 
on  the  way 

WINDOWS  8,  the  next  major 
upgrade  of  Microsoft’s  operat¬ 
ing  system  for  PCs,  tablets 
and  laptops,  will  be  released 
to  manufacturers  in  August 
and  will  ship  commercially  in 
October,  the  company  said  last 
week.  Microsoft  had  previously 
said  that  the  OS  would  be  com¬ 
mercially  available  before  the 
end  of  the  year  but  hadn’t  given 
a  firm  shipping  date.  Micro¬ 
soft  also  said  it  will  release  to 
manufacturers  (RTM)  its  next- 
generation  operating  system 
for  the  server,  Windows  Server 
2012,  next  month,  tinyurl. 
com/6vkldy5 


SECURITY  RESEARCHERS  from  Symantec  last  week 
said  they  have  identified  two  malware  apps  on  Google 
Play  that  used  a  multistage  payload  delivery  system 
in  order  to  remain  undetected.  The  apps,  which 
have  since  been  removed  by  Google,  masqueraded 
as  two  games  —  "Super  Mario  Bros."  and  “GTA 
3  —  Moscow  city.”  "Both  were  posted  to  Google 
Play  on  June  24  and  since  then  have  generated 
in  the  range  of  50,000  to  100,000  downloads," 
Symantec  security  researcher  Irfan  Asrar  said  in 
a  blog  post.  Once  installed,  the  apps  downloaded 
an  additional  package  called  Activator.apk  from  a 
Dropbox  account  and  prompted  the  device  owners  to 
install  it.  This  secondary  Activator  app  sent  SMS  mes¬ 
sages  to  a  premium-rate  number  located  in  Eastern 
Europe,  after  which  it  asked  to  be  uninstalled.  The  fact 
that  the  malicious  payload  was  delivered  in  multiple 
stages  is  probably  why  the  apps  managed  to  remain 
undetected  for  so  long  on  Google  Play,  Asrar  said. 


Percentage  of  mobile  Wi-Fi  connec 

>  i  «' — '  ■  f  |  i  Inc*  I  t  i  • 


tions  registered  by  Cloud  Nine  Media, 
which  runs  ad-supported  Wi-Fi  net¬ 
works  in  more  than  5,000  airports  and 
hotels,  in  a  recent  30-day  period. 
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GO  DADDY  DNS  ANSWERS  10  BILLION 

QUERIES  DAILY  &  IS  AVAILABLE  OVER  IPV6 

We  take  your  site's  availability  seriously. 


GO  DADDY  MANAGES  25  PETABYTES 

OF  NETWORKED  DATA  STORAGE 

We  take  your  data  needs  seriously. 


GO  DADDY  NETWORKS  MOVE  75Gbps 

OF  CUSTOMER  DATA  GLOBALLY  EVERY  DAY 

We  take  your  visitors  seriously. 


GO  DADDY  BLOCKS  2.5  MILLION 

ATTACKS  TO  OUR  HOSTED  SERVERS  EVERY  HOUR 

Our  world-class  Security  Operations  Center 
takes  security  seriously,  24/7. 


Serious  about  tech?  So  are  we. 

Call  480.463.8272  to  learn  more  or  visit  tech.godaddy.com 


TREND  ANALYSIS 

Why  Mark  Zuckerberg  is  a  bad 
role  model  for  aspiring  tech  execs 


BY  CARO LYN  DUFFY  MARSAN 

WANT  TO  run  a  successful  high-tech  com¬ 
pany?  Don’t  drop  out  of  college. 

The  myth  of  the  brilliant  Ivy  League  stu¬ 
dent  who  starts  a  business  in  his  dorm  room, 
drops  out  of  school,  and  goes  on  to  run  a  suc¬ 
cessful  high-tech  startup  for  many  decades  to 
come  is  essentially  just  that:  a  myth.  Despite 
a  few  high-profile  exceptions  —  such  as  Mark 
Zuckerberg  and  Bill  Gates  —  the  vast  major¬ 
ity  of  CEOs  running  successful  U.S.  high-tech 
firms  have  college  degrees,  and  more  than 
half  have  at  least  one  graduate  degree. 

We  analyzed  the  educational  backgrounds 
of  the  50  highest  paid  and  most  powerful 
CEOs  in  the  U.S.  tech  industry,  and  what  we 
found  is  that  only  three  of  them  —  Michael 
Dell  of  Dell  Computers,  Mark  Zuckerberg  at 
Facebook  and  Larry  Ellison  at  Oracle  —  are 
college  dropouts.  And,  of  course,  their  suc¬ 
cess  is  the  result  of  founding  their  own  com¬ 
panies  as  opposed  to  being  hired  by  a  board  of 
directors  to  run  an  existing  tech  firm. 

“I’ve  met  as  many  successful  tech  CEOs 
who  have  dropped  out  college  as  I’ve  met 
folks  who  have  won  the  lottery,”  says  Pro¬ 
fessor  Jerry  Luftman,  managing  director 
of  the  Global  Institute  for  IT  Management, 
who  holds  a  doctorate  in  information  sys¬ 
tems  from  Stevens  Institute  of  Technology. 
“There  are  always  going  to  be  exceptions 
to  any  rule.  But  if  you  are  a  betting  person, 
you  would  increase  your  odds  of  becoming  a 
tech  executive  if  you  have  a  college  education 
and  a  senior  executive  if  you  have  a  manage¬ 
ment  degree.” 

Jeff  Hocking,  senior  client  partner  at 
executive  recruiting  firm  Korn/Ferry  Inter¬ 
national,  says  he  doubts  Zuckerberg  would 
even  get  an  interview  for  a  CEO  job  at  another 
tech  company. 

“There  are  a  few  people  like  Bill  Gates  who 
were  college  dropouts  and  were  founders  of 
successful  tech  companies,  but  none  of  these 
people  came  into  the  CEO  role  from  some¬ 
where  else,”  Hocking  says.  “I  have  placed 
a  few  non-CEOs  without  degrees,  but  they 
have  had  20  to  30  years  of  a  successful  career. 
It  would  be  very  difficult  for  me  to  encourage 
my  son,  who  is  a  freshman  in  college,  to  drop 
out  and  start  a  company.” 

Of  the  50  top  high-tech  CEOs,  27  com¬ 
pleted  not  only  an  undergraduate  degree  in 
computer  science,  engineering  or  business, 
but  also  hold  a  master’s  degree  in  one  of 


these  fields.  Seven  of  these  CEOs  completed 
two  post-graduate  degrees.  Three  high-tech 
CEOs  hold  a  Ph.D.,  while  one  holds  a  law 
degree. 

Indeed,  it  appears  that  the  motto  for  aspir¬ 
ing  high-tech  CEOs  should  be:  the  more  for¬ 
mal  education,  the  better. 

Consider  the  example  of  Dan  Hesse,  CEO 
and  president  of  Sprint  Nextel.  Not  only  does 
he  hold  a  bachelor’s  degree  in  government 
and  international  studies  from  the  Univer¬ 
sity  of  Notre  Dame  and  an  MBA  from  Cornell 
University,  he  also  holds  a  master’s  degree 
from  the  Sloan  School  of  Management  at  Mas¬ 
sachusetts  Institute  of  Technology,  where  he 
won  the  Brooks  Thesis  Prize  for  writing  the 
outstanding  master’s  thesis. 

Another  highly  educated  CEO  is  Paul 
Jacobs,  CEO  and  chairman  at  Qualcomm, 
who  holds  three  degrees  from  the  University 
of  California  at  Berkeley  College  of  Engi¬ 
neering:  a  bachelor’s,  a  master’s  and  a  doc¬ 
torate,  all  in  electrical  engineering.  Jacobs 
subsequently  won  the  Berkeley  Engineering 
Innovation  Award  in  2008,  and  he  endowed 
a  professorship  at  the  school.  In  terms  of  his 
field  of  study,  Jacobs  followed  in  the  footsteps 
of  his  father,  Qualcomm  co-founder  Irwin 
Jacobs,  who  also  holds  a  bachelor  degree 
from  Cornell  University  in  electrical  engi¬ 
neering,  along  with  master’s  and  doctorate 
degrees  in  the  same  field  from  Massachusetts 
Institute  of  Technology. 

Similarly,  Dominic  Orr,  president  and 
CEO  of  Aruba  Networks,  holds  not  only  an 
undergraduate  degree  in  physics  but  also 
two  graduate  degrees  in  the  sciences  —  a 
master’s  in  physics  and  a  doctorate  in  biol¬ 
ogy  —  from  California  Institute  of  Technol¬ 
ogy,  where  he  was  named  a  Distinguished 
Alumni  in  2010. 

Jacobs  and  Orr  are  unusual  because  few 
tech  companies  want  to  hire  Ph.D.s  as  CEOs, 
Hocking  says.  “Tech  companies  constantly 
look  down  on  Ph.D.s,”  Hocking  says.  “You’d 
think  there  might  be  more  Ph.D.s  in  tech 
CEO  roles  like  there  are  in  biotech  or  medical 
devices,  but  you  rarely  see  them  in  tech  com¬ 
panies.  Seventy  to  80%  of  the  tech  CEOs  we 
place  have  engineering  degrees  with  an  MBA. 
...  That’s  the  sweet  spot.” 

Of  our  sample  of  50  CEOs,  17  have  under¬ 
graduate  degrees  in  computer  science,  com¬ 
puter  engineering  or  electrical  engineering. 
Another  six  have  undergraduate  degrees  in 
other  types  of  engineering,  while  three  have 
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Here’s  a  list  of  high-tech 
CEOs  who  didn’t  don  a  cap 
and  gown  except  for  a  com¬ 
mencement  address,  yet  they 
managed  to  make  billions  of 
dollars  in  the  tech  industry. 


Michael  Dell 

Dropped  out  of  the  University 
of  Texas  at  Austin  to  start  Deil 
Computers. 


Larry  Ellison 

Dropped  out  of  University  of 
Illinois  and  later  the  University 
of  Chicago,  held  various  programming 
jobs  and  eventually  co-founaed  Oracle 
with  Bob  Miner,  a  u  of  I  grad  with  a 
mathematics  degree. 


Bill  Gates 

Dropped  out  of  Harvard 
to  start  Microsoft. 


Steve  Jobs 

Finished  six  months  at  Reed 
College,  held  various  engineer¬ 
ing  jobs,  and  started  Apple  Computer 
with  fellow  college  dropout  Steve  Woz- 
niak,  who  completed  one  year  at  Univer¬ 
sity  of  California  at  Berkeley. 


Mark  Zuckerberg 

Dropped  out  of  Harvard 
to  start  Facebook. 


mathematics  degrees  and  three  have  degrees 
in  physics.  More  than  10%  of  high-tech  CEOs 
continued  on  as  graduate  students  in  com¬ 
puter-related  fields,  with  six  holding  master’s 
degrees  in  either  computer  science  or  electri¬ 
cal  engineering. 

Another  popular  path  to  a  high-tech  CEO 
job  is  to  study  business  in  college,  with  15  of 
the  50  high-tech  CEOs  holding  undergradu¬ 
ate  degrees  in  economics,  finance,  account¬ 
ing  or  business  administration.  Additionally, 
more  than  one-third  —  19  out  of  50  —  have 
master’s  degrees  in  business  administration 
or  management. 

“If  you’re  starting  off  with  technical 
responsibilities,  obviously  you  need  a  tech¬ 
nical  base,”  the  Global  Institute  of  IT  Man¬ 
agement’s  Luftman  says.  “But  we  know, 
because  we  have  done  enough  research 
over  the  years,  that  a  technical  education 
isn’t  enough  for  any  career,  whether  it’s  at  a 
vendor  or  user  company.  You  need  the  right 
balance  of  technical,  business,  management 
and  interpersonal  skills  to  be  a  successful 
executive.”  ■ 
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Deploy  your  IT  space 
with  speed,  not  complexity. 
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Adaptable 

Our  solutions  can  be  adapted  to  fit  any  IT  configuration  at  any 
time  —  from  small  IT  to  data  centers!  Vendor-neutral  enclosures, 
for  example,  come  in  different  depths,  heights,  and  widths  so  you 
can  deploy  your  IT  in  whatever  space  you  have  available  —  from 
small  IT  or  non-dedicated  spaces  to  even  large  data  centers. 


Manageable 

Local  and  remote  management  are  simplified  with  “out-of- 
the-box”  UPS  outlet  control,  integrated  monitoring  of  the 
local  environment,  and  energy  usage  reporting.  Manageability 
over  the  network  and  robust  reporting  capabilities  help  you 
prevent  IT  problems  and  quickly  resolve  them  when  they  do 
occur  —  from  anywhere!  What's  more,  our  life  cycle  services 
ensure  optimal  operations. 
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Simple 


We  are  committed  to  making  our  solutions  the  easiest  to  install, 
configure,  and  integrate  into  either  existing  IT  systems  or  data  centers 
—  or  new  build-outs.  We  ship  our  solution  as  “ready  to  install”  as 
possible  (e.g.,  tool-less  rack  PDU  installation  and  standard  cable 
management  features).  With  our  easy-to-configure  infrastructure,  you 
can  focus  on  more  pressing  IT  concerns  such  as  network  threats. 
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Easy-to-deploy  IT  physical  infrastructure 


InfraStruxure 


Solution  guides  make  it  easy  to  determine  what  you  need  to  solve  today’s  challenges.  The  core  of 
our  system,  vendor-neutral  enclosures  and  rack  PDUs,  makes  deployment  incredibly  headache- 
free.  Easily  adjustable  components,  integrated  baying  brackets,  pre-installed  leveling  feet,  and 
cable  management  accessories  with  tool-less  mounting  facilitate  simple  and  fast  installation. 

Business-wise,  Future-driven.™ 


Integrated  InfraStruxure™  solutions  include 
everything  for  your  IT  physical  infrastructure 
deployment:  backup  power  and  power 
distribution,  cooling,  enclosures,  and 
management  software.  Adaptable  solutions 
scale  from  the  smallest  IT  spaces  up  to 
multi-megawatt  data  centers. 


Make  the  most  of  your  IT  space! 

Download  our  Top  3  solution  design  guides 
today  and  enter  to  win  an  iPad®  2! 

Visit:  www.apc.com/promo  Key  Code:  r975v  •  Call:  888-289-APCC  x6429 
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TREND  ANALYSIS 


Microsoft  will  revamp  Windows  encryption  keys 

Microsoft  security  change  could  cause  problems  for  legacy  systems,  applications 


ENCRYPTION 
KEYS 

How  many  bits  is  enough? 

Strength  of  encryption 
depends  on  key  length  but 
also  on  other  factors  such  as: 

•  number  of  keys  used 

/■ 

«  encryption  algorithm  used 

•  whether  the  algorithm  leaks 
key  information 

•  type  of  attacks  used 

•  projected  algorithm 
security  lifetime 

SOURCE:.  NIST  SPECIAL  PUBLICATION  800-57.  2012 
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BYTIM  GREENE 

STARTING  NEXT  month,  updated  Win¬ 
dows  operating  systems  will  reject  encryp¬ 
tion  keys  smaller  than  1024  bits,  which  could 
cause  problems  for  customer  applications 
accessing  websites  and  email  platforms  that 
use  the  keys. 

The  cryptographic  policy  change  is  part  of 
Microsoft’s  response  to  security  weaknesses 
that  came  to  light  after  Windows  Update 
became  an  unwitting  party  to  Flame  malware 
attacks,  and  affects  Windows  XP,  Windows 
Server  2003,  Windows  Server  2003  R2,  Win¬ 
dows  Vista,  Windows  Server  2008,  Windows 
7  and  Windows  Server  2008  R2  operating 
systems,  according  to  the  Windows  PKI  blog 
written  by  Kurt  L.  Hudson,  a  senior  technical 
writer  for  the  company. 

“To  prepare  for  this  update,  you  should 
determine  whether  your  organization  is 
currently  using  keys  less  than  1024  bits,” 
Hudson  writes.  “If  it  is,  then  you  should 
take  steps  to  update  your  cryptographic  set¬ 
tings  such  that  keys  under  1024  bits  are  not 
in  use.” 

Even  with  preparation,  updated  machines 
may  face  issues  such  as  error  messages  when 
browsing  to  websites  with  SSL  certificates 
that  are  below  the  minimum  1024.  They  may 
also  face  problems  enrolling  for  certificates 
when  certificate  requests  use  a  1024  or  less 
key,  the  blog  says.  Installing  Active  X  con¬ 
trols  signed  with  1024-bit  or  less  signatures 
will  also  fail. 

The  same  is  true  for  installing  applications 
signed  with  less  than  1024-bit  signatures. 
The  exception  is  those  applications  signed 
before  Jan.  1,  2010,  which  will  be  allowed  by 
default,  the  blog  says. 

The  use  of  cryptographic  keys  shorter  than 
1024  bits  makes  them  too  vulnerable  to  brute- 
force  attacks,  Microsoft  says,  something  that 
is  widely  recognized  and  dealt  with,  but  not 
universally. 

The  biggest  challenge  for  businesses  get¬ 
ting  ready  for  the  change  will  likely  be  with 
legacy,  in-house  applications  that  interact 
with  Windows  platforms,  says  John  Pironti, 
president  of  IP  Architects  and  the  security 
track  leader  for  Interop. 

Microsoft  and  many  other  software  ven¬ 
dors  can  readily  update  the  rules  under 
which  they  accept  certificates,  he  says.  It  may 
not  be  that  easy  to  alter  the  rules  used  by  cus¬ 
tom  applications,  and  in  some  cases  IT  secu¬ 
rity  pros  may  not  recall  all  the  places  where 


smaller  key  sizes  are  used.  “That  box  just 
works  and  nobody  thinks  about  it,”  he  says. 
“A  lot  of  cases  will  be,  ‘Oh,  we  forgot,’  or,  ‘We 
don’t  know  how  to  upgrade  that  cert.’” 

Dealing  with  such  cases  manually  will 
require  time  and  money,  he  says.  In  addi¬ 
tion  to  changing  settings,  some  hardware 
may  need  to  be  replaced  because  larger  keys 
sap  more  processing  power.  On  maxed-out 
machines,  the  added  computation  could 
cause  unacceptable  delay. 

Overall,  though,  the  transition  should  be 
more  of  an  annoyance  than  anything  else, 
Pironti  says.  As  certificates  issued  to  busi¬ 
nesses  expire,  they  are  generally  replaced 
with  certs  using  longer  keys,  he  says,  so  there 
might  not  be  so  many  that  remain  in  use. 

There  are  commercial  tools  for  finding  and 
automatically  replacing  certificates  that  are 
too  short,  Pironti  says.  Among  them  is  Direc¬ 
tor  made  by  Venafi,  which  contributed  to  the 
latest  NIST  Information  Technology  Labora¬ 
tory  bulletin  on  certificate  authority  compro¬ 
mise  and  fraudulent  certificates. 

NIST  currently  has  set  a  deadline  of  Dec. 
31, 2013,  for  when  entities  ought  to  stop  using 
1024-bit  RSA  and  DSA  encryption.  “How¬ 
ever,  since  such  keys  are  more  and  more  likely 
to  be  broken  as  the  2013  date  approaches,  the 


data  owner  must  understand  and  accept  the 
risk  of  continuing  to  use  these  keys  to  gener¬ 
ate  digital  signatures,”  according  to  a  special 
publication  called  “Transitions:  Recommen¬ 
dation  for  Transitioning  the  Use  of  Crypto¬ 
graphic  Algorithms  and  Key  Lengths,”  pub¬ 
lished  in  2011. 

Microsoft  is  updating  its  operating  sys¬ 
tems  in  the  wake  of  the  Flame  malware  used 
to  spy  on  networks  in  Iran.  Flame  exploited 
Microsoft’s  use  of  the  MD5  hashing  algorithm 
in  authenticating  Windows  Update.  Micro¬ 
soft  officially  disallowed  its  use  in  2009  but 
failed  to  weed  it  out  of  its  own  products,  par¬ 
ticularly  Terminal  Server  Licensing  Service. 
Researchers  figured  out  how  to  compromise 
MD5  using  what  they  call  collision  attacks 
to  obtain  fraudulent  certificates  that  are 
accepted  as  real. 

Since  Flame  was  publicized,  Microsoft  has 
started  a  campaign  not  only  to  shut  down  use 
of  MD5  but  also  to  beef  up  other  areas  that 
have  not  fallen  victim  to  attackers. 

The  August  update  will  follow  on  yester¬ 
day’s  security  advisory  revoking  trust  for 
28  certificates  that  fail  the  company’s  own 
recently  upgraded  security  standards  for  the 
public  key  infrastructure  underpinning  Win¬ 
dows  Update.  ■ 
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►  Enterasys ,  from  page  1 

Concord  Communications  was  bought  by  CA. 
One  of  my  claims  to  fame  is  I  sold  Spectrum/ 
Aprisma  three  times. ... 

I  joined  Enterasys  in  2006  after  The  Gores 
Group  took  the  company  private  and  brought 
in  a  management  team  to  rebuild  them.  So  I 
joined  doing  the  same  thing  I  was  doing  at 
Aprisma,  everything  technical.  And  then 
about  midway  through  2008  Gores  part¬ 
nered  with  Siemens  AG  to  create  the  joint 
venture  of  Siemens  Enterprise  Communi¬ 
cations  and  Enterasys,  Enterasys  being  the 
network  part  of  that  and  Siemens  Enterprise 
Communications  being  voice  and  unified 
communications  and  video. 

And  how  would  you  summarize 
the  Enterasys  portfolio  today? 

Access  switching,  data  center  core  switching 
and  then  the  management  platform,  which 
includes  security. 

You’ve  been  living  in  a  very  competitive 
industry  for  a  long  time.  How  do  you 
position  the  company  today? 

We  have  a  technical  differentiation  and  we 
have  a  company  differentiation.  On  the  tech¬ 
nical  side  it  is  one  fabric.  End-to-end  visibility 
and  control  and  policy  management,  whether 
you’re  at  access  switching,  wired,  wireless, 
all  the  way  through  the  data  center.  All  open 
standards,  but  a  central  management  plat¬ 
form  that  treats  the  entire  system  like  a  sys¬ 
tem,  and  that  makes  us  really  different. 

And  as  a  company  we  go  to  market  differ¬ 
ently.  We  really  believe,  and  it’s  our  ethos, 
there’s  nothing  more  important  than  our  cus¬ 
tomers,  and  we  have  a  different  customer  ser¬ 
vice  support  model  than  anybody  in  this  space. 
We’re  100%  in-source  support.  The  technical 
support  engineers  work  side-by-side  with  the 
actual  development  engineers.  And  so  when 
you  call  us  up  and  you  get  technical  service,  it 
is  by  far  better  than  any  other  vendor. 

Everyone  likes  that  word  “fabric”  these 
days,  but  how  do  you  define  it? 

I  think  the  definition  of  fabric  varies  from 
vendor  to  vendor.  If  people  specifically  talk 
about  the  data  center  it’s  really  about  any- 
to-any  connection  —  high  performance,  low 
latency,  any-to-any  connection.  For  us  fabric 
is  about  that  policy-based  visibility  and  con¬ 
trol  throughout  the  infrastructure.  Really 
our  model  is  not  far  off  from  software  defined 
networking.  A  centralized  engine  that  actually 
creates  the  policy  control  capabilities,  but  then 
implementation  is  pushed  down  into  the  infra¬ 
structure.  So  we  localize  that  control  capability 
as  close  to  the  user  or  the  application  or  server 


company  Enterasys 

HEADQUARTERS  Andover,  Mass. 

10  consecutive  quarters  of  year-over- 
year  growth 

Revenues  for  next  12  months:  *  $400 
million 

Revenue  CAGR:  9%  to  10%  over  three 
years,  but  includes  legacy  products 
nearing  end  of  life.  Future  growth  will  be 
higher,  driven  by  new  products. 

Access  and  data  center  product  three 
year  CAGR:  35%+ 

Wireless  product  three  year  CAGR:  50%+ 


as  possible,  but  there’s  a  centralized  manage¬ 
ment  platform.  And  that  really  is  different, 
and  we  do  it  across  the  wired  and  the  wireless 
environment. 

“Locally”  meaning  in  every  switch? 

In  every  switch.  But  the  differentiated  capa¬ 
bilities  for  us  is  that  unified  control  mecha¬ 
nism  that  we  can  implement  at  a  very  granu¬ 
lar  level.  There  are  40  to  50  attributes  we  can 
use  to  make  policy  decisions.  On  who  you 
are,  what  you’re  doing,  where  you’re  doing  it 
from,  what  time  of  day  you’re  doing  it,  what 
type  device  you’re  doing  it  from,  etc. 

So  is  this  the  heart  of  your  BYOD  stuff? 

Yes. 

What  kind  of  opportunity 
does  BYOD  represent? 

For  certain  environments,  we  were  already 
doing  many  pieces  of  this.  So  our  recent 
release  Mobile  IAM  brought  a  lot  of  things 
together,  created  new  reporting  capabilities, 
new  visibility  capabilities,  some  new  auto¬ 
mation  and  some  open  APIs  so  we  could 
integrate  with  other  applications,  like  MDM 
applications. 

But  opportunities  depend  on  the  vertical 
market.  There  are  certain  verticals  where 
doing  device  profiling  and  managing  what 
users  are  doing  what  on  the  network  and 
when  is  extremely  important,  and  then  there 
are  other  environments  where  they  want 
everything  wide  open. 

Take  higher  education.  One  institution 
could  grant  full  access,  let  everybody  do 
whatever  they  want,  even  gaming,  because 
they  want  to  attract  students.  But  another 
institution  may  want  to  say,  “OK,  if  you’re 


gaming,  you  get  this  quality  of  service.  If 
you’re  accessing  the  institution  applications, 
then  you  get  this  prioritization.” 

At  the  core  it’s  all  about  identity? 

For  the  Mobile  IAM  solution,  that’s  exactly 
what  we’re  doing.  It  doesn’t  matter  if  it’s  a 
user.  It  could  be  a  security  camera,  it  could  be 
a  printer,  but  how  we  implement  Mobile  IAM 
is  specific  to  that  environment.  If  you  bring  a 
smartphone  or  a  tablet  into  the  environment,  I 
want  to  be  able  to  discover  it.  I  want  to  be  able 
to  profile  that  and  then  I  want  to  be  able  to  give 
you  a  certain  level  of  capabilities  to  access  cor¬ 
porate  networks  to  do  certain  things. 

Some  will  just  implement  the  visibility 
part  of  it,  while  others  will  implement  the 
control  part  too.  The  visibility  part  is 
extremely  important  because  I  want  to  know 
what  you’re  doing  and  when  you’re  doing  it  in 
certain  environments. 

I’ll  give  you  an  example.  Anderson  County 
Schools  in  Kentucky  is  one  of  our  customers 
that  implemented  this  solution.  They  actually 
allow  students  to  take  tests  on  their  laptops  in 
the  classroom.  Well,  the  test  is  on  the  server  in 
their  data  center  so  you  need  them  to  be  able 
to  access  that,  but  you  don’t  want  them  to  be 
able  to  access  the  Internet  during  the  test.  But 
the  teacher  in  that  same  room,  you  want  to 
allow  them  to  have  complete  access.  So  there 
it’s  user  based,  role  based,  and  time  of  day 
access  to  the  infrastructure. 

Do  you  do  better  in  some 
industries  than  others? 

The  fastest  growing  verticals  for  us  are  edu¬ 
cation,  healthcare  and  state  and  city/local 
government.  Those  environments  are  where 
you’re  starting  to  see  the  explosion  of  bring- 
your-own-device  and  wireless  LAN  access. 
But  you’re  also  seeing  it  in  retail  and  hospi¬ 
tality.  But  for  us,  those  top  ones  are  our  fast¬ 
est  growing  verticals.  And  two  fastest  grow¬ 
ing  segments  are  data  center,  and  that’s  being 
driven  by  virtualization  and  big  storage,  and 
the  access  layer,  because  of  tablets  and  smart¬ 
phone  computing. 

Given  you’re  dealing  with  customers  that 
have  a  lot  of  installed  base  from  other 
network  players,  what’s  your  avenue  in? 

One  of  the  things  we  talk  about  with  one  fab¬ 
ric  is  you  don’t  have  to  adopt  it  all  at  once.  You 
can  get  the  benefit  of  many  of  the  pieces  with¬ 
out  doing  it  all  at  once.  So  you  can  appreciate 
we  have  many  installations  that  are  mixed 
environments,  where  Cisco  could  be  in  the 
core  or  Juniper.  We  also  have  shops  where 
we  are  the  core  and  you  have  somebody 
else  at  the  access  layer.  So  you  can  do  this 
piecemeal.  ■ 
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►  BYOD ,  from  page  1 

Boston  Scientific,  which  began  deploying  the 
very  first  iPad  within  weeks  of  its  release. 
Now  it  has  5,300  corporate-owned  iPads  dis¬ 
tributed  worldwide. 

Except  for  Bayada,  all  have  deployed  iPads 
as  a  corporate  standard.  Bayada  deployed  the 
original  7-inch  Samsung  Galaxy  Tab  and  is 
now  adding  the  newer  Tab  2.  That  fits  with 
the  iPad’s  overwhelming  dominance  in  enter¬ 
prise  deployments.  Boston  Scientific  also  has 
a  tablet  bring-your-own-device  (BYOD)  pro¬ 
gram,  but  limited  to  iPads,  currently  with 
about  1,000  devices. 

Together,  these  four  companies  are  a 
microcosm  of  the  way  tablets,  and  mobile 
computing  in  general,  are  overturning  the 
PC  paradigm,  and  doing  so  with  astonishing 
rapidity.  “This  is  a  disruptive  technology," 
says  Dale  Potter,  CIO  at  The  Ottawa  Hospital. 
“We’re  ripping  PCs  out  of  the  environment 
faster  than  we’re  installing  them.  This  may 
be  the  death  of  the  PC.” 

Tablets  are  more  likely  to  be  corporate- 
owned  than  are  smartphones,  even  when 
a  company  is  willing  to  support  employee- 
owned  tablets.  Data  from  a  recent  survey  of 
556  companies  in  45  countries  by  Aberdeen 
Group  found  that  overall,  43%  of  the  sam¬ 
ple  were  willing  to  support  any  personally 
owned  tablet;  29%  allowed  selected  tablets, 
but  more  than  one-quarter  —  28%  —  banned 
all  personal  tablets.  By  contrast,  51%  allowed 
any  personally  owned  smartphone  to  be  used 
for  business;  32%  allowed  selected  phones 
(from  a  corporate-approved  list),  and  only 
17%  banned  all  personal  smart¬ 
phones  for  business  use. 

Companies  aren’t  abandon¬ 
ing  BYOD  policies  for  tablets, 
but  “tablet  adoption  won’t  be 
like  smartphone  adoption,” 
says  Aberdeen’s  Andrew  Borg, 
research  director,  enterprise 
mobility  and  communications. 

Big  companies  especially  are 
more  likely  to  impose  policy- 
based  limits  and  constraints  to  ensure  compli¬ 
ance  with  corporate  security  and  management 
requirements,  he  says. 

“When  you  move  into  network  and  file 
access  in  [tablet]  apps,  you  need  to  worry 
about  much  more  than  you  do  for  email 
access,”  says  Rich  Adduci,  CIO  at  Boston 
Scientific  in  Boston.  “You’re  accessing  pro¬ 
prietary  information,  so  greater  control  is  a 
necessity.  It’s  hard  to  get  that  [control]  in  a 
BYOD  environment.” 

For  Boston  Scientific,  control  comes  from 
an  early  decision  to  create  a  management 
infrastructure  as  part  of  the  iPad  deployment. 
The  company  chose  SAP’s  Sybase  Afaria 


for  provisioning  mobile 
devices,  and  the  Sybase 
Unwired  Platform  for 
device  management.  “We 
knew  we  would  have 
a  large  deployment,” 

Adduci  says.  “We  knew 
we  couldn’t  do  that  if  we 
didn’t  have  device  pro¬ 
visioning  and  control  in 
place.”  At  the  same  time, 
he’s  realistic  about  the 
current  state  of  the  art  for 
device  management.  “As  with  any  new  tech¬ 
nology,  there  will  be  things  missing  from  it, 
compared  to  the  much  more  mature  device 
management  capabilities  of  the  desktop.” 

All  four  companies  are  in  very  different 
places  with  regard  to  managing  tablets.  The 
Ottawa  Hospital  pushed  hard  to  deploy 
iPads  quickly,  in  order  to  support  a  critical 
computerized  physician  order-entry  project 
(replacing  plans  for  laptops).  Management 
wasn’t  a  top  priority  initially,  though  the  hos¬ 
pital  eventually  adopted  Mobilelron’s  mobile 
device  management  software.  But  much  tab¬ 
let  administration  is  still  largely  manual: 
when  the  annual  influx  of  nearly  1,000  resi¬ 
dents  showed  up  at  the  hospital  recently,  their 
iPad  registration,  configuration  and  setup 
required  a  “small  army”  of  IT  staff  to  do  it, 
CIO  Potter  says. 

“We  did  it  by  brute  force,  stubbornness  and 
hands-on  support,”  says  Potter.  “Today,  I’d 
caution  people  to  put  some  thought  into  this 
beforehand.  You  need  a  mobile  strategy  to 
address  security  and  privacy  concerns,  man¬ 
agement  issues,  etc.” 

Bayada  Home  Health  Care 
has  a  skeleton  management 
infrastructure  for  its  nearly 
2,500  Android  tablets.  It  con¬ 
tinues  to  rely  heavily  on  its 
main  cellular  carrier,  T-Mobile, 
for  help  in  deploying  the  Sam¬ 
sung  Galaxy  Tabs,  and  moni¬ 
toring  data  plan  usage;  and 
on  its  key  software  vendor, 
Homecare  Homebase,  which  accelerated  Bay- 
ada’s  Android  native  app  development  to  cre¬ 
ate  a  native  tablet  app  with  a  secure  password 
connection  to  the  Web  backend.  If  tablets  are 
lost  or  stolen,  the  IT  group  can  “blow  up  the 
SIM  card,”  says  Andrew  Gentile,  Bayada’s 
associate  director  for  the  home  health  oper¬ 
ating  policy  office. 

With  a  much  smaller  iPad  deployment, 
Hawthorn  Pharmaceuticals  uses  Fiberlink’s 
MaaS360  software  for  provisioning  and 
management.  The  software  vendor  routinely 
collects  anonymous  usage  data  from  custom¬ 
ers  and  shares  with  them  the  results,  to  iden¬ 
tify  mobile  device  trends  and  best  practices. 


says  Hawthorn  Director  of  Information  Tech¬ 
nology  Clay  Hilton. 

Device  management  should  be  somewhat 
simpler  with  iOS  5,  which  added  support 
finally  for  over-the-air  firmware  updates 
directly  to  the  iPad.  The  last  upgrade  to  Ver¬ 
sion  5.0  “was  extremely  painful,”  Hilton  says. 

Demanding  more  from 
mobile  carriers 

Enterprises  are  demanding  more  from  their 
mobile  carriers  as  tablets  roll  out,  according 
to  Scott  Snyder,  president  and  chief  strategy 
officer  for  Mobiquity,  which  specializes  in 
technology  services  for  enterprise  mobile 
projects.  “Tablets  are  on  a  completely  differ¬ 
ent  demand  curve  for  data  usage,  compared  to 
smartphones,”  he  says. 

Bayada  negotiated  with  T-Mobile  to  mini¬ 
mize  or  sidestep  completely  overage  charges 
for  cellular  data  plans.  More  enterprise 
accounts  are  renegotiating  data  deals,  and 
many  are  working  out  pooled  plans,  which 
gives  more  flexibility  for  employees  who 
might  use  more  or  less  than  the  individual 
monthly  limit,  according  to  Snyder.  “Five 
gigabytes  for  $50  a  month  is  a  typical  con¬ 
sumer  plan,”  he  notes.  “But  one  HD  video 
conference  for  one  hour  will  take  1  gigabyte. 
Users  with  [the  new  iPad’s]  Retina  display 
will  want  high  definition,  but  that  will  drive 
data  usage  and  charges  through  the  roof.” 

Another  option  is  negotiating  with  carriers 
for  Wi-Fi  services,  so  tablet  users  can  make 
use  of  Wi-Fi  connections  when  available 
without  cutting  into  monthly  data  plans. 
But  Snyder  says  “right  now,  Wi-Fi  is  getting 
worse  and  worse,  as  you  can  see  at  an  air¬ 
port.”  Enterprises  need  to  know  what  Wi-Fi 
services  their  carriers  can  offer,  or  support, 
and  how  well  it  performs.  ■ 


©  For  more  on  how  these  compa¬ 
nies  are  coping  with  broken  tablets, 
read  the  expanded  version  of  this 
story  online,  tinyurl.com/7lafrqn 


Annual  average  IT 
labor  cost  per  user 
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TOOLS 

A  better  Todo  List  with  Backbone 


JavaScript,  which  has  absolutely  nothing  to 

do  with  the  Java  language,  has  become  a  remark¬ 
able  platform  for  elegantly  solving  programming 
problems  and  delivering  effective  solutions. 

Has  JavaScript  got  problems?  Sure,  like  every 
other  language  ever  invented  it  solves  problems 
and  brings  new  problems  with  it,  but  it  seems 
the  JavaScript  world  has  considerably  more  juice  than 
other  programming  platforms.  Combine  JavaScript 
with  HTML5  and  the  juiciness  quotient  goes  up  by  an  order  of  magnitude! 


Mark  Gibbs’ Gearhead 


I  keep  coming  across  tools  and  program¬ 
ming  examples  that  use  JavaScript  and  quite 
a  few  of  them  are  incredibly  useful.  For 
example,  the  Backbone  library  which  aims 
to  clean  up  JavaScript  coding  by  the  use  of 
“models.”  The  models  contain  “the  interac¬ 
tive  data  as  well  as  a  large  part  of  the  logic 
surrounding  it:  conversions,  validations, 
computed  properties,  and  access  control. 

. . .  In  a  finished  Backbone  app,  you  don’t 
have  to  write  the  glue  code  that  looks  into 
the  DOM  to  find  an  element  with  a  specific 
id,  and  update  the  HTML  manually  — 
when  the  model  changes,  the  views  simply 
update  themselves.” 

To  get  a  better  appreciation  of  what  can  be 
done  with  Backbone,  check  out  the  Backbone 
examples  page  that  highlights  some  amaz¬ 
ing  projects  that  use  Backbone  and  many  of 
which  work  at  enterprise  scale. 

One  of  the  examples  that  caught  my 
attention  is  the  first  one  listed,  the  Todo 
List  application.  I’ve  been  using  a  free 
online  service  called  Tada  List  since  it  was 
launched  in  2005.  Published  by  37Sig- 
nals  to  address  the  lack  of  browser-based 
“to-do”  lists  at  the  time,  the  company  has 
recently  decided  to  retire  the  project  as 
such  services  are  no  longer  hard  to  find. 

The  problem  with  this  is  that  Tada  List  was 
really  simple  and  did  the  job  pretty  much 
as  I  wanted  it  to.  I  use  a  Tada  list  as  a  place 
to  keep  notes  about  products  and  services  I 
need  to  follow  up  on  and  all  of  the  bells  and 
whistles  of  something  like  Basecamp  lists 
are  overkill  for  my  purposes. 


Combine  JavaScript 
with  HTML5andthe 

juiciness  quotient 
goes  up  by  an  order 
of  magnitude! 


The  Backbone-based  Todo  List  by  Jerome 
Gravel-Niquet  provides  an  almost  identical 
service  but  uses  Backbone  for  the  fancy  foot¬ 
work  and  HTML5  localstorage  to  keep  the 


list  data  locally.  Also  called  “DOM  Storage,” 
localstorage  is  a  method  for  browser-based 
code  to  persistently  store  data  locally  as 
named  key/value  pairs  and  is  now  a  stan¬ 
dard  browser  feature.  Implemented  in  all  of 
the  major  browsers  (including  IE  8+,  Firefox 
3.5+,  Safari  4.0+  and  Chrome  4.0+),  localstor¬ 
age  allows  data  to  persist  across  sessions 
and,  unless  a  browser  app  sends  the  data  to  a 
server,  it  is  private  and  completely  local. 

This  new  Todo  List  capitalizes  on  this  fea¬ 
ture  and,  while  you  can  load  the  Web  page, 
CSS  and  JavaScript  libraries  from  anywhere, 
the  actual  list  data  is  kept  on  your  computer. 

If  you  want  to  make  your  own  version 
examine  the  source  for  the  app,  then  save 
the  source,  the  CSS  file  and  the  libraries  to 
wherever  you  please  and  modify  the  source 
so  all  of  those  components  can  be  loaded 
correctly.  With  very  little  effort  you  can 
change  the  entire  look  and  feel  of  the  list 
and  Backbone,  which  takes  a  little  learning, 
actually  makes  the  code  orders  of  magnitude 
easier  to  understand  and  maintain. 

If  you  have  discovered  any  other  useful 
tools  like  this,  let  me  know.  ■ 

Gibbs  is  has  a  lot  of  to-do’s  in  Ventura,  Calif. 
Send  him  a  new  list  at  gearhead@gibbs.com 
and  follow  him  on  Twitter  (@quistuipater) 
and  on  Facebook  (quistuipater). 
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PARITY  BITS 


The  percentage  of 
browsers  accessing 
the  Internet  from  non- 
PC  devices  by  2013. 

SOURCE:  J.  GOLD  ASSOCIATES 
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PHYSICAL  INFRASTRUCTURE: 


A  CRITICAL  FACTOR  IN  CLOUD 
DEPLOYMENT  SUCCESS 


Growing  demands  on  the  data  center,  ongoing  scarce  resources  and  the  need  for  greater  flexibility  are 
driving  companies  toward  the  cloud.  Migrating  the  data  center  to  the  cloud  is  an  increasingly  attractive  option  as  companies 
struggle  to  do  more  with  less.  Cloud  deployments— whether  public  or  private— offer  the  promise  of  reduced  costs,  simpler 
implementation  and  maintenance,  as  well  as  improved  business  agility. 

Many  companies  are  in  the  planning  stages  of  cloud  deployment,  and  additional  growth  in  private  and  hybrid  cloud  deployment 
is  expected  over  the  next  two  years.  According  to  a  recent  IDG  Research  Services  survey  of  more  than  100  IT  executives,  more 
than  one-third  (39  percent)  of  respondents  are  currently  utilizing  cloud,  while  48  percent  are  in  evaluation,  consideration  or 
planning  mode.  Nearly  one-quarter  (24  percent)  are  using  cloud  on  an  enterprise  basis. 

As  companies  begin  to  pilot  cloud  or  deploy  it  in  earnest,  data-center  managers  are  discovering  that  migrating  the  data  center 
to  the  cloud  is  not  as  simple  as  they  had  imagined.  Cloud  does  reduce  to  some  degree  the  amount  of  computing  hardware  a 
company  needs  for  its  data  center.  But  many  fail  to  consider  that  cloud  requires  a  robust  physical  infrastructure  foundation  in 
order  to  maximize  the  expected  benefits.  Many  executives  are  discovering  too  late  that  they  did  not  focus  enough  on  physical 
infrastructure  design  prior  to  the  move  to  cloud.  This  can  jeopardize  cloud  deployments  before  they  begin. 


Your  data  center  is  a  mission-critical  facility.  If  you  are  considering  moving  your  data  center  to  public  or  private  cloud,  it  is  important 
to  take  the  time  to  design  a  centrally  managed  and  integrated  logical  and  physical  infrastructure  that  will  support  your  migration. 


While  virtualization,  a  key  technology  of  cloud  computing,  can  enable  IT  to  reduce  its  population  of  hardware  such  as  servers, 
storage  devices  and  switches,  that  equipment  still  requires  a  core  infrastructure  base  consisting  of  server  racks,  cabinets  and 
cables.  Without  a  strong  foundation,  the  payback  from  cloud  can  diminish,  as  many  data  center  managers  have  discovered. 
Recent  research  shows  that  data  center  managers  may  not  realize  cloud  does  not  eliminate  the  need  for  solid  physical 
infrastructure  design,  and  solid  design  is  in  fact  a  critical  success  factor. 


Just  15  percent  of  IDG  survey  respondents  consider  themselves  "very  successful"  in  designing  their  physical  infrastructure 
to  maximize  cloud  benefits.  Companies  that  do  not  make  physical  infrastructure  design  a  top  priority  when  preparing  for 
cloud  deployment  have  experienced  negative  outcomes  as  a  result  of  reactive  infrastructure  changes,  including  increased 
cost  (55  percent),  slower  implementation  times  (41  percent)  and  increased  power  and  cooling  needs  (38  percent), 
according  to  the  survey. 
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Thorough  physical  infrastructure  planning  pays  off  in  terms  of  lower  cost  and  fewer  outages.  The  top  benefits  of  solutions 
that  help  prepare  infrastructure  for  cloud  deployment  include  minimizing  unplanned  outages,  reducing  infrastructure 
management  costs,  increasing  time  available  for  strategic  activities  and  faster  provisioning,  according  to  survey  partici¬ 
pants.  Other  benefits  of  planning  ahead:  reduced  infrastructure  complexity,  better  operational  control,  improved 
confidence  in  layer  1  stability  and  a  documented  and  approved  provisioning  process. 


Panduit  Solutions  Can  Help 

Panduit  has  developed  the  industry's  most  comprehensive  approach  to  an  intelligent  data  center  solution. 
It  includes  advisory  and  design  services,  data  center  infrastructure  management  (DCIM)  software  and 
hardware,  energy-efficient  cabinets,  high-speed  data  transport  (HSDT),  preconfigured  infrastructures 
and  a  physical  infrastructure  foundation,  all  aspects  of  which  are  CloudReady.  Panduit's  solution 
streamlines  the  process  of  designing,  specifying,  installing  and  managing  the  increasingly  complex 
physical  infrastructure  required  for  cloud  computing.  ■ 
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Custom  Solutions  Group 


For  more,  visit  www.networkworld.com/whitepapers/panduit-solutions-1 
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GADGETS 

Personal  cloud  server  needs  work; 

MovieNite  streams  movies  and  more 

Cool  Tools 


MyCloud 
Mini  personal 
cloud  server 

by  Akitio,  about  $104 


►  What  it  is:  The  MyCloud  Mini  is  a  net¬ 
work-attached  storage  device  (without  the 
actual  storage  —  you  have  to  install  either  a 
2.5-inch  internal  HDD  or  attach  a  USB  exter¬ 
nal  storage  drive)  that  connects  to  a  router  to 
provide  file  storage  that  can  be  accessed  via 
the  cloud,  either  through  a  browser  or  mobile 
device.  Once  connected,  the  browser-based 
software  includes  the  ability  to  share  content 
to  friends  (or  via  social  networks),  as  well  as 
stream  content  (photos,  music,  videos)  from 
across  the  Internet  (a.k.a.  the  “cloud”). 

►  Why  it’s  cool:  If  you  plan  to  use  this 
as  a  centralized  storage  unit  for  your 
personal  content  that  can  be  accessed  by 
multiple  devices  within  a  home  network, 
the  MyCloud  Mini  can  handle  this  task.  Con¬ 
necting  to  the  device  is  quite  easy  through  a 
browser  —  just  log  in  to  myakitio.com  and 
type  in  the  name  of  your  server  (initially,  you 
type  in  the  media  access  control  address, 
but  then  you  can  change  it)  in  order  to  con¬ 
nect.  The  interface  via  the  browser  is  very 
Mac-like,  with  colorful  icons  and  easy-to- 
understand  locations  for  accessing  content 
stored  on  the  drive. 

You  can  also  connect  to  the  MyCloud  Mini 
via  mobile  app  —  I  tried  the  iOS  app  on  the 
iPhone,  but  there’s  also  an  Android  app 
available.  The  app  makes  accessing  the  unit 


easier  —  you  don’t  have  to  remember  the 
Web  address,  and  once  you  log  in  initially, 
you  can  have  the  device  remember  your 
password  and  have  it  go  right  to  the  file  area. 
The  app  also  adds  some  additional  function¬ 
ality  —  for  example,  a  camera  app  lets  you 
take  photos  with  the  iPhone  and  store  the 
images  directly  to  the  MyCloud  Mini,  saving 
space  on  the  iPhone. 

Likewise,  a  Voice  Memo  app  lets  you 
record  audio  with  the  phone  and  save  the 
audio  file  (AIF  format)  to  the  cloud  server. 

In  addition,  you  can  also  easily  download 
files  from  the  server  to  the  mobile  phone  at 
the  push  of  a  button.  Akitio  has  done  a  really 
good  job  with  the  mobile  app. 

►  Some  caveats:  With  network- attached 
storage  (NAS)  functionality  built  directly 
in  to  new  wireless  home  routers,  it  might  be 
easier  to  attach  an  external  drive  to  the  router 
in  order  to  access  the  same  functionality.  I 
found  it  annoying  that  I  needed  to  attach  my 
own  storage  to  the  unit  —  there  are  home 
NAS  units  that  already  have  storage  built  in. 
Streaming  media  content  from  the  MyCloud 
Mini,  even  over  the  local  wireless  network, 
was  tedious  —  I  never  got  videos  to  play  cor¬ 
rectly  (it  would  start  and  then  just  stop),  and 
even  streaming  music  had  lag  and  burps. 
While  I  didn’t  attach  other  devices  to  the  net¬ 
work,  such  as  a  TV  or  Xbox,  I’d  be  afraid  that 
those  devices  would  have  similar  problems. 

The  instruction  guide  and  setup  manual 
are  also  sparse  —  casual  users  are  likely  to  be 
frustrated  quickly,  although  IT  pros  might  be 
able  to  get  through  all  of  the  features  without 


Akitio’s  MyCloud  Mini  shines  on  software  and  apps,  but  performance  issues  may  frustrate  users. 


HMi  . 
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too  much  pain.  There’s  some  real  potential 
here  —  the  software  and  mobile  apps  shine, 
but  the  streaming  speed  over  a  local  network 
and  the  cloud  needs  to  be  improved.  If  Akitio 
can  bundle  this  with  a  hard  drive  and  make 
those  performance  improvements,  consum¬ 
ers  might  be  impressed  with  a  device  that 
can  provide  them  with  centralized  storage 
for  their  media  content. 

►  Grade  (out  of  five) 


THE 

SCOOP 


MovieNite 
streaming 
media  player 

by  D-Link,  about  $80 


►  What  it  is:  Like  similar  units  from  Roku 
and  Western  Digital,  the  D-Link  Movie-Nite 
box  connects  to  your  TV  and  Internet  connec¬ 
tion,  providing  you  with  access  to  Internet 
movies,  music  and  TV 

services,  including  i  J 

Netflix.  Fandom  \<>u-  ■  "'’•vD.-  ‘•jlSNlfly 

Tube  and  Vudu.  ,  •  1® 


►  Why  it's  cool:  The 

unit  is  very  easy  to 
set  up  and  get  con¬ 
nected  to  those  services 
(provided  you  already  subscribe  to  them); 
quality  via  HDMI  to  an  HDTV  is  quite  nice. 
The  unit  provides  an  AV  cable  to  connect  to 
older  TV  sets  as  well. 


►  Some  caveats:  An  HDMI  cable  is 
not  provided,  so  you  have  to  purchase  it 
separately  for  your  HDTV.  Also,  no  wireless 
connection,  which  means  you’ll  need  to  con¬ 
nect  via  Ethernet  through  a  wireless  bridge 
or  powerline  adapter.  There’s  also  a  lack  of 
services  compared  with  Roku  and  Western 
Digital  (which  could  change  as  D-Link  signs 
deals  with  additional  providers). 

►  Grade  ★★★i 


Shaw  can  be  reached  at  kshaw@nww.com. 
Follow  him  on  Twitter:  @shawkeith. 


Linked 


NETWORKWORLD 


Network  World's  forum  on  Linkedln  is  the  place  for 
network  and  IT  professionals  to  offer  each  other  advice 
and  discuss  the  networking  news  of  the  day.  Network 
World  editors  are  on  hand  to  ensure  that  the  group 
remains  free  of  spam  and  vendor  spin,  and  to  give  their 
take  on  what's  important  in  networking.  Occasionally, 
they'll  poll  the  group  on  controversial  issues  and  you 
can  make  your  voice  heard. 

Ask  a  question.  Post  a  job  listing.  Connect  with 
peers.  Join  Today! 


www.networkworId.com/linkedin 
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What  to  look  for  in  network  fabrics 


THE  ETHERNET  FABRIC  MARKET  HAS 

grown  rapidly  in  the  past  year.  Mar¬ 
ket  interest,  the  range  of  offerings  and 
customer  adoption  are  all  on  the  rise. 
If  you  have  been  looking  into  a  fabric 
you’ve  likely  developed  expectations 
about  what  you  want  it  to  do  that  your 
existing  network  can’t.  However,  with 
the  variety  of  offerings  on  the  market, 
it  can  be  difficult  to  figure  out  how  to 
focus  the  decision  process. 

Brocade  has  more  than  550  cus¬ 
tomers  that  have  deployed  Brocade’s 
fabric-enabled  VDX  Data  Center 
Switches  since  their  release  in  Novem¬ 
ber  2010.  Here  is  what  our  customers 
tell  us  is  most  meaningful  to  them,  and 
likely  would  be  to  you  as  well. 

First  off,  they  relish  the  automa¬ 
tion  features  we’ve  built  in  and  the 
simplicity  of  building  a  fabric: 

■  Connect  the  switches  together,  and  trunks  form  automatically 
with  no  configuration  required. 

■  Switching  from  “classic”  (STP-enabled)  mode  to  fabric  mode 
involves  a  single  command. 

■  With  all  links  active,  the  total  number  of  devices  required  in 
service  is  greatly  reduced,  simplifying  the  overall  network 
and  reducing  both  capex  and  opex  significantly.  Customers 
have  cited  savings  of  hundreds  of  thousands  of  dollars  in  the 
first  year  of  operations. 

■  “Almost  perfect  load  balancing,”  in  the  words  of 
one  industry  expert,  due  to  unique  per-packet 
load-balancing  that  draws  on  techniques  that 
are  part  of  our  storage  fabric  heritage. 

■  15%  to  20%  reduction  in  time  spent  on  basic 
network  management  through  automation  of 
common  tasks. 

“It  just  works, ’’  one  customer  said .  Brocade  fabrics 
are  self-aware  and  self-healing,  automatically  redis¬ 
tributing  traffic  in  the  event  of  a  link  outage  to  avoid 
disruptions  or  performance  degradation.  Addi¬ 
tional  links  can  be  added  non-disruptively,  with 
rapid  fabric  reconvergence  time.  Human  error,  the 
most  common  cause  of  downtime,  is  reduced  with 
the  automation  of  common  functions. 

Despite  the  fact  that  Ethernet  fabrics  are  a 
relatively  new  phenomenon,  some  fabrics,  such 
as  Brocade’s,  are  based  on  very  mature,  reliable 

►  See  Brocade, page  24 


A  DATA  CENTER  ETHERNET  FABRIC 

requires  certain  attributes  such  as 
high  performance,  low  latency  and 
resiliency.  However,  a  key  aspect  of 
any  fabric  is  the  network  operat¬ 
ing  system  (NOS)  and  the  software 
protocols  and  management  layer 
required  to  make  the  fabric  high 
performance  while  reducing  opera¬ 
tional  overhead.  The  evolution 
to  technologies  such  as  VXLAN/ 
NVGRE,  as  well  as  the  move  toward 
software  defined  networking  (SDN), 
all  point  to  the  need  for  a  high  per¬ 
formance  fabric  that  is  open  and 
interoperable,  and  that  does  not  lock 
the  network  into  a  vendor-specific 
proprietary  technology. 

A  high  performance  network  fab¬ 
ric  requires  both  the  right  network 
switches  and  the  right  network  architecture.  Some  key  attributes 
for  high  performance  network  switches  are: 

■  High  density,  high  fan-out  and  non-blocking.  High  density 
10G  at  the  server  network  edge,  high  density  40G  in  the 
network  core. 

■  Cut-through  forwarding  on  both  chassis  and  stackables  for 
low  latency. 

■  Dynamic  adaptive  per  port/queue  buffer  thresholds  for 
good  burst  absorption  capabilities.  This  is  important  when 
dealing  with  high  performance  storage  along  with  big  data 

Hadoop  and  MapReduce-type  technologies  to 
address  incast-type  scenarios  and  temporary 
congestion  in  the  network. 

■  Single-copy  egress  pipeline  replication  for  mul¬ 
ticast  traffic  to  improve  multicast  performance  and 
reduce  multicast  latency  variance  across  ports. 

■  Support  for  LAN-SAN  convergence  with  DCB 
capability  (PFC,  ETS  and  DCBX). 

And  when  it  comes  to  network  architecture, 
there  are  many  attributes  to  consider.  You  should 
strive  for  as  few  tiers  as  possible  to  reduce  latency, 
oversubscription  and  management  overhead.  For 
example,  a  high  availability  chassis  that  has  700- 
plus  10G  Ethernet  or  175-plus  40G. 

Ethernet  non-blocking  ports  will  inherently 
require  fewer  network  switches  than  one  that  has 
a  fewer  number  of  ports  when  it  comes  to  fan-out. 
You  should  also  look  for  active-active 

►  See  Extreme,  page  24 
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^  INTRODUCING  BLACKBERRY  MOBILE  FUSION. 

Now  all  personal  and  corporate-owned  BlackBerryf 
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i OS  and  Android  devices  can  seamlessly  access 
business  data  and  applications  on  a  single, 
secure  management  platform.  To  find  out  how 
this  new  approach  will  end  mobile  chaos,  visit 

blackberry.com/mobilefusion. 
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IT  JUST  works; 

ONE  CUSTOMER  SAID.  BROCADE 
FABRICS  ARE  SELF-AWARE  AND 
SELF-HEALING,  AUTOMATICALLY 
REDISTRIBUTING  TRAFFIC  IN  THE 
EVENT  OF  A  LINK  OUTAGE  TO  AVOI1 
DISRUPTIONS  OR  PERFORMANCE 
ON. 
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►  Brocade,  from  page  22 
technology. 

Customers  also  want  minimal  disruption.  An  access  layer- 
based  approach,  like  Brocade’s,  directly  addresses  the  pains  that 
drive  many  customers  to  look  at  fabrics  to  begin  with:  the  latency 
and  unnecessary  load  on  core  switches  that  is  incurred  for  the 
east-west  traffic  patterns  that  are  increasingly  common.  Most 
other  fabrics  are  based  on  much  more  expensive  core  switches 
which  in  many  cases  do  little  to  simplify  existing  network  archi¬ 
tecture  or  improve  east-west  traffic  performance. 

We  allow  customers  to  deploy  fabrics  progressively,  workload 
by  workload  or  pod  by  pod,  without  necessitating  a  redesign  of 
their  overall  data  center  network.  Some  switches,  such  as  Bro¬ 
cade’s  VDX  series,  can  be  deployed  in  traditional  STP  mode  first, 
and  then  switched  to  fabric  mode  when  the  customer  is  ready. 
Traffic  is  passed  seamlessly  to  and  from  upstream  switches  run¬ 
ning  STP,  with  the  fabric  appearing  as  a  single  switch  to  the  rest 
of  the  network.  Fabrics  with  these  capabilities  are  the  best  choice 
for  targeted  experimentation  with  fabric  technologies  with  little 
operational  risk  and  relatively  low  capital  outlay. 

Also,  the  right  fabric  does  not  require  an  entirely  new  set  of 
skills  and  training  to  manage.  CLI  commands  should  be  familiar, 
even  to  professionals  whose  primary  training  is  on  equipment 
from  other  vendors.  Most  find  they  can  set  up  and  operate  a  fabric 
easily  with  little  instruction. 

Altogether,  our  customers  have  found  that  partnering  with 
Brocade  has  helped  them  work  through  network  inflexibility 
and  brittleness,  improve  application  performance,  and  increase 
service  velocity  while  significantly  reducing  capital  outlays  and 
ongoing  operating  costs.  ■ 

Brocade  networking  solutions  help  the  world's  leading 
organizations  transition  smoothly  to  a  world  where  applications 
and  information  reside  anywhere. 


►  Extreme,  from  page  22 

redundancy.  Multi-system  Link  Aggregation  (MLAG)  is  a  tech¬ 
nology  that  builds  upon  traditional  LAG  and  works  in  conjunc¬ 
tion  with  LAG  to  provide  active-active  redundancy  across  servers, 
network  and  storage,  as  well  as  other  network  infrastructure  such 
as  firewalls  and  application  delivery  controllers. 

MLAG  does  not  require  any  new  encapsulation  and  hence 
can  work  with  most  existing  infrastructure.  While  technologies 
such  as  TRILL  or  SPB  can  also  provide  benefits  of  active-active 
redundancy,  there  is  little  to  no  support  for  either  TRILL  or  SPB 
in  servers,  hypervisors  or  storage  devices.  In  other  words,  MLAG/ 
LAG  can  provide  full  end-to-end  active-active  redundancy,  today. 
And  as  newer  technologies  such  as  VXLAN/NVGRE  come  into 
play,  MLAG/LAG  can  continue  to  work  seamlessly  in  these 
environments. 

Another  important  factor  to  consider  is  that,  while  Ethernet 
fabrics  today  tend  to  be  Layer  2  oriented,  in  the  near  future  with 
VXLAN/NVGRE,  the  fabric  can  move  toward  a  segmented  Layer 
3  fabric  with  equal-cost  multi-path  routing.  By  avoiding  vendor 
lock-in  into  a  proprietary  single-vendor  Layer  2  fabric  technology, 
the  network  can  evolve  and  take  advantage  of  these  advancements 
without  requiring  a  “rip  and  replace”  strategy. 

A  network  fabric  discussion  would  not  be  complete  without 
mention  of  storage  and  convergence.  The  move  to  a  converged 
fabric  is  becoming  a  reality  with  10G/40G  Ethernet  (and  in  the 
near  future  100G  Ethernet)  and  Data  Center  Bridging  technology 
now  becoming  commonly  available  both  in  network  switches  and 
converged  network  adapters.  As  technology  evolves  to  accommo¬ 
date  Layer  3  fabrics,  it  will  be  important  to  use  storage  technology 
that  is  both  routable  and  easy  to  virtualize.  Technologies  such  as 
iSCSI  provide  an  increasingly  attractive  alternative  to  legacy  Fibre 
Channel  storage  for  just  those  reasons. 

A  high  performance  Ethernet  fabric  is  only  as  effective  as  the 
network  operating  system  running  on  it.  A  single,  mature  and 
modular  NOS  that  runs  across  the  network  switch  infrastructure 
significantly  reduces  overhead  and  simplifies  day-to-day  man¬ 
agement.  Furthermore,  a  NOS  that  integrates  with  the  virtual 
machine  environment  can  significantly  reduce  the  operational 
overhead.  For  example,  the  NOS  needs  to  support  virtual  port- 
based  configuration,  “follow  the  VM”-type  policies,  and  complete 
network-based  VM  lifecycle  management,  across  multiple  hyper¬ 
visor  technologies. 

Finally,  consideration  needs  to  be  given  to  the  fact  that  the  data 
center  fabric  is  evolving  rapidly.  The  fabric  needs  to  support  the 
evolution  toward  a  scalable,  segmented  Layer  3  network  without 
requiring  “rip  and  replace.”  The  NOS  also  needs  to  support  SDN- 
oriented  technologies  such  as  OpenFlow  and  OpenStack. 

In  conclusion,  customers  need  to  consider  not  just  high  per¬ 
formance  Converged  Ethernet  switches,  but  also  an  open  and 
interoperable  network  architecture,  along  with  a  mature,  modu¬ 
lar  and  extensible  network  operating  system.  By  taking  a  holistic 
view  to  network  fabrics,  a  more  robust,  high  performance  and 
cost-effective  fabric  can  be  deployed  to  address  customer  needs 
as  they  evolve.  ■ 

Extreme  Networks  is  a  technology  leader  in  high  performance 
Ethernet  switching  for  cloud,  data  center  and  mobile  networks. 
The  company  has  more  than  6,000  customers  in  more  than  50 
countries.  More  information  on  Extreme  is  available  at  http:// 
www.extremenetworks.com. 
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CLEAR  CHOICE  TEST:  MICROSOFT  SYSTEM  CENTER  2012 


Microsoft  delivers  sophisticated  management  modules  for 
enterprise-level  virtualization  and  cloud  environments 


BYTOM  HENDERSON _ 

W  Center  2012  suite  of  man- 

new  weapon  in  the  battle 
to  control  the  virtualized  data  center  and  the 
cloud,  both  private  and  public. 

Although  it’s  a  totally  gruesome/forklift 
installation  (yet  better  than  before),  for  the 
first  time  in  recent  memory,  all  of  the  modules 
that  comprise  System  Center  are  in  nominal 
revision  sync,  and  have  increased  their  cover¬ 
age  to  include  the  competition. 

Private  cloud  is  well  covered  in  System 
Center  2012,  although  the  focus  is  poised 
more  toward  Windows  Azure,  Microsoft’s 
public  cloud  platform.  Virtualization  is  also 
heavily  covered,  and  although  the  emphasis 
is  on  Microsoft’s  Hyper-V  hypervisor,  there  is 
also  support  for  many  heavily  used  features, 
but  not  all  features,  of  Citrix  XenServer  and 
VMware  ESXi/vSphere. 

Systems  Center  2012’s  coverage  includes 
plenty  of  other  non-Windows  devices.  You 
can  deal  with  Windows  Phone,  Apple’s  iPad/ 
iPhone  iOS  5,  and  perhaps  that  pesky  depart¬ 
ment  with  the  Android  phones,  too  —  if 
there’s  a  link  to  Microsoft  Exchange  Server 
controls.  Microsoft  is  trying  to  change  its 
Windows-only  stripes.  It’s  the  most  egalitar¬ 
ian  coverage  we’ve  seen  from  Microsoft,  and 
while  the  added  coverage  is  welcome,  it  does 
add  to  the  complexity  level. 

We  divide  our  review  into  two  parts.  One 
roughly  covers  SC  2012:  Orchestrator,  the 


CLEAR 


upgraded  workflow  tool  that  Microsoft 
bought  and  presented  as  Opalis  vNext,  along 
with  SC  2012:  Configuration  Manager. 

In  an  upcoming  review  we’ll  examine  SC 
2012:  Service  Manager,  App  Controller,  Vir¬ 
tual  Machine  Manager  and  Data  Protection 
Manager.  Microsoft  Endpoint  Protection 
Manager  is  excluded  —  we  have  insufficient 
resources  to  pound  it. 

Infrastructure  you’ll  need 

We  needed  a  lot  of  hardware  in  the  form 
of  VMs  to  make  the  full  installation  of  all 
modules  work.  At  minimum,  a  server/VM 
instance  with  40GB  of  disk  and  reasonable 
memory  is  needed  for  each  module.  Under¬ 
neath  System  Center  2012  activity  is  com¬ 
monly  SQL  Server  2008  R2  as  an  engine 
(see  our  review  of  SQL  Server  2012,  Page  30). 
Many  modules  also  seem  to  need  their  own 
hefty  hardware  (or  healthy  VM  instances). 

None  of  the  modules  are  recommended 
to  be  run  on  Active  Directory  Domain  con¬ 
trollers,  necessitating  additional  instances. 
Microsoft  wants  to  play  a  dominant  role  in  the 
enterprise,  and  we  feel  that  for  many  Micro¬ 
soft-centric  organizations.  System  Center 


could  be  a  good,  if  non- trivial,  choice. 

Each  module  needs  planning  prior  to 
installation.  Modules  cannot  be  reasonably 
expected  to  be  installed  without  the  Unified 
Installer,  which  also  presumes  you’ve  done 
your  homework.  Homework  includes  under¬ 
standing  the  prerequisites  of  each  module 
(they’re  all  slightly  different)  and  having  pre¬ 
requisites  installed,  like  the  aforementioned 
SQL  Server,  and  in  most  cases,  IIS  with  vari¬ 
ous  mandated  tunings/settings.  We  found 
this  the  hard  way.  Use  the  Unified  Installer 
after  homework  is  done. 

Despite  the  heterogeneity  of  the  Sys¬ 
tem  Center  2012  pieces,  Microsoft  clearly 
advances  its  own  products  first,  as  might 
be  expected.  More  interestingly,  it  also  adds 
features  that  clearly  attempt  to  replace  pre¬ 
mium  features  of  its  competition  —  while 
managing  competitive  virtualization  and 
cloud  infrastructure.  System  Center  2012 
works  especially  well,  and  advances  the  via¬ 
bility  of  Microsoft’s  Hyper-V  infrastructure. 
As  an  example,  SC  2012:  Virtual  Machine 
Manager  offers  strong  management  of  vir¬ 
tualization  instances  in  the  contexts  of  pri¬ 
vate  cloud  and  public  cloud  (which  usually 
means,  but  is  not  confined  to,  Microsoft’s 
Azure  cloud  resources). 

As  an  example,  the  SC:VMM  modules 
can  do  bare-metal  installations  utilizing 
Hyper-V,  populate  the  hypervised  bare  metal 
with  Windows  or  Linux  instances  (SUSE 
instances,  but  Red  Hat,  too,  if  you  must). 

SCVMM  can  control  VMware  ESX/ESXi 
instances,  too,  but  many  VMware  features 
found  in  VMware  vSphere  5  still  require 


Meet  the 
modules 

With  System 
Center  2012, 
all  of  the 
modules  have 
been  updated 
and  are  in 
sync  to  deliver 
management 
of  enterprise 
applications  and 
infrastructure. 


System  Center 

Data  Protection  Manager 


System  Center 

Configuration  Manager 


recovery 


Virtual  J 
workload 
provisioning 


.enter 


Machine 


•Performance 
X  and  health 


System  Center 

Operations  Manager 


=  MICROSOFT  DIVIDES 
=  THE  NEW  MODULES  INTO 

-  THREE  BROAD  CATEGORIES: 

=  APPLICATIONS,  SERVICES 
=  AND  INFRASTRUCTURE. 

ZZ  1.  Applications  include  App  Controller, 
Operations  Manager  (ex-MOM/Microsoft 
Operations  Manager)  and  Service 
Manager  (overlap). 

ZZ  2.  Under  services,  you  have  Service 
Manager  and  Orchestrator. 

~  3.  And  for  infrastructure  management, 

there’s  Virtual  Machine  Manager,  Operations 
Manager  and  Configuration  Manager. 
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vSphere  5.  The  benefit  gained  is  largely  con¬ 
trol  nexus  for  common  tasks  used  in  manag¬ 
ing  VMware-based  instances.  The  same  can 
be  said  for  XenCenter  and  Citrix’s  XenCenter 
management. 

Orchestrator 

System  Center  2012:  Orchestrator  is  per¬ 
haps  the  most  compelling  module  as  it’s  an 
advance  of  Opalis,  the  IT  process  automation 
tool  Microsoft  acquired  in  2009.  Orchestra- 
tor  makes  runbooks,  through  a  Runbook 
Designer,  which  amounts  to  an  understand¬ 
ably  customizable  script  generator  that 
goes  deep  into  Microsoft  infrastructure  to 
do  complex  jobs.  The  Orchestrator  module 
must  have,  at  minimum,  a  server  largely  dedi¬ 
cated  to  the  work  of  building,  managing  and 
deploying  the  runbooks,  which  are  objects 
that  contain  the  instructions  that  deploy 
resources  for  en  masse  distribution. 

Runbooks  are  workflow  instructions,  and 
there  are  already  online  runbook  resources 
available  that  can  be  added  to  the  examples 
that  come  with  Orchestrator.  The  runbooks 
are  scripts,  and  scripts  can  be  edited  and 
replaced  with  locally  specific  variables  that 
tailor  runbook  activities  which  are  instruc¬ 
tions  that  the  runbook/script  will  execute. 

In  turn,  the  scripts  can  be  stored,  or  placed 
into  a  workflow  timeline  that  can  themselves 
be  triggered  by  events,  such  as  a  progressive 
installation  of  an  application.  We  discovered 
too  late  that  we  could  have  used  Orchestrator 
to  install  SQL  Server,  establish  the  role  of  IIS 
and  make  some  of  the  modifications  needed 
to  make  Orchestrator  work. 

We  could  import  runbooks,  or  use  Run¬ 
book  Designer  to  get  a  WYSIWYG  view  of 
“stock”  scripts,  or  ones  we  built  from  scratch. 
Dependencies,  and  the  specific  names  of 
assets  and  resources,  can  be  easily  filled  in 
to  the  process  to  make  Orchestrator  develop 
and  execute  some  fairly  complex  jobs.  Run¬ 
book  Servers  then  do  the  work,  and  the  first 
Runbook  Server  added  becomes  the  Primary 
Runbook  Server,  and  subsequent  servers 
can  be  largely  autonomous.  This  allows 
branches,  or  clouds,  to  have  largely  autono¬ 
mous  script  executions  for  workflows  of 
installations,  updates  and  other  work. 

We  tested  several  runbooks  that  per¬ 
formed  application  installation  between 
servers  in  our  lab  and  our  network  opera¬ 
tions  center  at  nFrame  in  Indianapolis.  We 
queued  them  into  life  by  a  simple  user  batch 
click.  The  event  is  then  logged  (Microsoft 
warns  that  the  logging  database  can  become 
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Company 

Microsoft 

Product 

System  Center 

2012:  Orchestrator 
module,  Configuration 

Manager  module 

Price 

Standard  edition: 

$1,323/2  OS  environment 
Datacenter  edition: 

$3,607,  unlimited  OSs 

Pros 

Orchestrator  does  a  great 
job  automating  tasks  in  a 
multi-vendor  virtualized 
environment:  Configuration 
Manager  eases  the  burden 
of  application  and  OS 
life-cycle  management 

Cons 

Requires  considerable 
upfront  planning,  as  well 
as  hardware  resources 

huge;  why  doesn’t  it  use  a  syslog,  we  won¬ 
dered?)  and  there  are  many  ways  to  control 

runbook  executions,  in  terms  of  the  number 
of  concurrent  jobs  that  are  allowed,  permis¬ 
sions  to  use  while  doing  various  parts  of  the 
job(s),  and  the  kinds  of  activities  that  can  be 
performed  —  including  the  customizable 
activities. 

Orchestrator  comes  with  Integration 
Packs  that  are  the  connection  points  to  make 
runbooks  that  control  Active  Directory 
as  well  as  third-party  software.  Currently 
offered  are  integration  packs  for  HP’s  iLO/ 
OA  server  management,  HP  Operations 
Manager  software,  HP  Service  Manager, 
IBM’s  Tivoli  Netcool/OMNIbus  infra¬ 
structure  management  suite,  and  VMware 
vSphere.  As  we’re  too  small  a  shop  for  the 
hardware  network  management  apps,  we 
didn’t  test  these.  But  we  did  take  a  long  look 
at  VMware  integration,  as  we’re  very  famil¬ 
iar  with  it. 

The  Orchestrator  module  doesn’t  replace 
vSphere,  but  it  knows  how  to  automate  many 
daily  grind  and  grunt  tasks.  After  mapping 
a  lot  of  vSphere  information  (addresses, 
machine  names,  host  platform  information, 
hypervisor  datastores),  we  were  able  to  do 
the  job  of  moving  an  ESXi  VM  from  one 
machine  to  another.  But  it  took  a  lot  of  work. 

There  are  limitations  to  the  control  of 
Orchestrator  Integration  Packs  in  VMware 
environments,  particularly  when  it  comes 
to  being  able  to  use  the  decision  intelligence 


of  vSphere  5  to  make  choices  about  storage 
and  resource  management.  Until  Orches¬ 
trator  gets  an  API  that  can  stealthily  grab 
more  infrastructure  conditions  information 
to  move  VMs  around  to  load/storage  bal¬ 
ance  ESXi-hypervised  servers,  they  miss  an 
important  part  of  vSphere’s  control  mecha¬ 
nism  —  which  is  a  VMware  secret  sauce. 
Nonetheless,  the  Orchestrator  integration 
controls  for  VMware  were  found  compelling, 
if  daunting  to  put  together. 

On  a  good  day,  part  of  the  use  of  Orchestra- 
tor  is  execution  of  packaged  “normal”  events, 
while  the  other  part  of  the  day  is  spent  moni¬ 
toring  logs.  There  is  a  lot  of  initial  planning 
that  is  required  to  put  Orchestrator  to  use, 
and  then,  like  every  new  hammer,  there’s  a 
stage  where  we  wanted  to  craft  runbooks  to 
do  all  sorts  of  things,  some  of  which  really 
don’t  need  automation.  There  is  a  reporting 
and  documentary  test  that  applies  discipline 
to  what  runbooks  do  —  a  task  is  performed 
according  to  a  runbook,  which  plays  nice 
with  consistency  and  auditing.  It’s  nonethe¬ 
less  non-trivial  to  put  Orchestrator  to  work  — 
you  have  to  train  large  parts  of  the  symphony. 

Configuration  Manager 

Like  Orchestrator,  Configuration  Manager 
requires  planning  and  forethought  before  the 
first  installation  can  commence.  Configura¬ 
tion  Manager  uses  SQL  Server  2008  R2  as  its 
engine,  and  like  Orchestrator,  it  needs  to  live  in 
a  separate  instance  from  an  Active  Directory 
domain  controller.  Indeed,  as  much  work  can 
be  stopped  if  SQL  Server  becomes  unavailable 
or  mangled,  frequent  backup  and  replication 
and/or  clustering  might  be  a  good  idea. 

Configuration  Manager  needs,  at  mini¬ 
mum,  a  site  server  and  site  database  instance 
(they  can  be  in  the  same  machine  or  VM 
instance)  along  with  a  component  server 
(can  also  be  combined  with  the  site  or  data¬ 
base  server  in  small  installations).  So  far, 
we  have  three  server  instances  that  can  be 
combined.  The  SQL  Servers  can’t  be  mir¬ 
rored,  which  bothered  us.  High  availability 
is  important  here. 

Configuration  Manager  sites  consist  of 
primary  and  secondary.  Secondary  sites  are 
used  as  distribution  points,  so  as  to  conserve 
bandwidth  by  multicasting  through  a  hier¬ 
archy  of  sites.  This  also  works  well  for  multi¬ 
branch/multi-regional  sites,  where  language 
or  audit/compliance  technique  and  reporting 
may  be  different,  which  is  another  reason  that 
larger  organizations  will  need  to  bury  them¬ 
selves  in  the  System  Center  documentation  to 
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understand  the  implications  of  how  and  where 
Configuration  Manager  sites  are  deployed. 

After  reading  the  considerations,  we 
installed  Configuration  Manager  using 
the  Unified  Installer.  There’s  an  option  that 
extends  the  Active  Directory  schema  to 
accommodate  a  container  that  allows  trusted 
installation,  but  we  didn’t  test  this.  The  Site 
Server  has  roles  that  it  takes  on  as  storage 
points  for  configuration  functionality.  This 
might  mean  storage  for  Windows  updates  via 
Windows  Server  Update  Services  (WSUS),  or 
as  an  anchor  point  for  the  remediation  per¬ 
formed  by  Microsoft’s  Network  Access  Pro¬ 
tection  policies.  There  are  any  number  of  pos¬ 
sible  Configuration  Manager  roles. 

Configuration  Manager  inventories, 
deploys,  audits  and  maintains  application 
instances,  and  operating  system  instances 
and  their  licenses  —  and  is  largely  incapable 
of  doing  this  for  non-Windows  platforms, 
unlike  the  increased  heterogeneity  of  Orches- 
trator.  However,  if  you’re  using  Windows 
in  a  big  way,  Configuration  Manager  can 
discipline  the  deployment  of  apps  and  OS 
instances,  while  making  the  work  much  sim¬ 
pler  than  manual  alternatives. 

There  are  several  stages  in  a  device’s  life 
cycle  where  Configuration  Manager  comes 
into  use.  Windows  operating  systems  along 
with  applications  payloads  are  brought 
into  life  onto  bare  metal.  A  Windows-based 
Configuration  Manager  agent  then  is  used 
to  manipulate  the  device,  either  by  push  or 
pull  commands  for  information.  Windows 
Mobile  6+,  Symbian  Belle  phones,  certain 
Windows  embedded  systems  versions,  and 
mobile  devices  that  use  the  Exchange  Active- 
Sync  API  (Apple  iOS  4+,  certain  versions  of 
Android)  can  be  configured  and  managed 
through  their  life  cycles,  too. 

Pushing  operating  systems 

There  are  several  operating  systems  deploy¬ 
ment  methods  available  with  Configuration 
Manager  that  we  found  compelling.  First,  one 
finds  a  suitable  image  as  a  payload.  You  can 
capture  one,  or  use  a  converted  ISO  image. 
It  would  be  good  to  use  one  that  has  needed 
drivers,  or  even  the  right  software  load,  so  that 
you  can  do  everything  in  a  single  step,  subject 
to  localization,  customization  and  so  forth. 
We’re  used  to  doing  that  in  our  labs. 

The  next  step  is  to  choose  a  distribution 
method.  There’s  good-old  PxE  (Pre-boot  exe¬ 
cution  Environment),  which  uses  Windows 
Deployment  Server.  Indeed,  you  can  use  PxE 
without  Configuration  Manager  at  all,  sub¬ 
ject  to  licensing  constraints  and  local  imple¬ 
mentation.  Configuration  Manager  adds  its 
value  by  allowing  a  Remotelnstall  folder  to 


be  built,  so  that  images  can  be  rotated  in  and 
out  of  a  centralized  distribution  point,  where 
one  might  normally  stage  operating  system 
deployments  onto  new  or  retrofit  hardware. 

We  tested  this  method,  and  it  worked  for 
our  test  Windows  7  Professional  instance.  We 
used  the  WDS,  made  an  IPv4  local  network, 
configured  the  Remotelnstall  folder  and 
resource  payload,  did  the  WDS  configuration 
work  (simple  enough),  and  booted  the  image 
onto  a  Lenovo  T520  test  machine. 

It’s  also  possible  to  make  a  boot  CD/DVD  or 
flash  drive  that  redirects  a  similar  link  to  the 
WDS  configuration  to  make  a  machine  swal¬ 
low  the  desired  operating  system  payload, 
but  we  didn’t  test  this.  So  as  far  as  we  know, 
it  could  be  used  for  non-Windows  instances. 

Making  the  inventory  comply 

Software  apps,  content  and  updates  are  dis¬ 
tributed  in  similar  ways,  but  System  Center 
2012:  Configuration  Manager  can  also  create 
objects  of  information  regarding  inventory 
and  states  through  a  metaphor  called  Collec¬ 
tions.  Collections  are  groupings  of  users,  or 
devices  (not  both).  Data  is  collected  once  (or 
simply  accumulated  in  counts)  or  is  checked 
in  intervals.  Microsoft  warns  against  que¬ 
rying  “global”  information  in  intervals,  as 
this  spawns  a  huge,  and  potentially  useless, 
event.  Through  the  collections,  we  could 
tabulate  items  set  for  compliance.  Compli¬ 
ance  means  inventing,  then  checking  the 
existence,  or  through  a  custom  script,  the 
state  of  an  object  —  perhaps  an  application. 
We  tested  with  a  rudimentary  example  that 
used  a  built-in  check  box,  of  calling  upon 
the  client’s  Windows  Installer  file  existence, 
in  our  case,  Windows  Office  2010  that  was 


installed  on  our  Lenovo  T520  notebook.  It 
was  more  sophisticated,  and  customized 
scripts  can  be  deployed. 

Where  machines  can  tell  their  power  state, 
one  could  also  conceivably  test  power  settings 
for  machines.  This  could  be  interesting  in 
terms  of  Carbon  Trading  compliance,  but  we 
only  pay  a  pittance  for  our  coal-powered  elec¬ 
tricity  in  Indiana,  so  we  didn’t  mess  with  it. 

Reporting  requires  SQL  Server  Reporting, 
and  many  queries  of  inventory,  compliance 
and  general  activity  logs  were  pretty  easy.  We 
could  also  see  how  the  tables  could  be  modi¬ 
fied  to  make  things  look  perfect,  and  so  from 
an  auditing  perspective,  auditors  will  need  to 
note  that  we  could  export,  manipulate  and  re¬ 
import  tables  to  make  them  look  crystal  clear 
—  but  you’ll  need  to  be  a  good  database  admin¬ 
istrator  to  know  how.  If  we  played  by  the  rules, 
the  reports  were  actually  both  simple  to  use, 
and  with  a  few  annotations,  simple  to  under¬ 
stand,  even  for  a  CIO. 

Summary 

Configuration  Manager,  like  Orchestrator, 
requires  considerable  planning,  but  can  be 
started  in  at  a  simple  level.  Successful  imple¬ 
mentations  will  take  an  investment  in  the  time, 
energy  and  resources  of  high-level  systems 
personnel  to  reap  benefits.  It’s  highly  sophis¬ 
ticated,  and  dives  very  deeply  into  a  strongly 
Windows-based  system.  Its  application  into  a 
small/midsize  organization  may  be  helpful, 
but  larger  organizations  will  find  its  depth 
very  useful.  SI 

Henderson  is  principal  researcher  for 
ExtremeLabs,  of  Bloomington,  Ind.  He  can  be 
reached  at  kitchen-sink@extremelabs.com. 


How  we  did  it 

We  initially  attempted  to  implement  System  Center  2012  modularly,  which  is 
almost  impossible,  so  we  used  the  Unified  Installer  after  reading  the  salient 
documents  for  each  module,  then  installed  each  module  into  its  own  VM, 
combining  SQL  Server  resources  where  necessary.  We  recommend  that  up  to  four  SQL 
Server  instances  may  be  necessary  for  protecting  all  of  the  modules. 

We  controlled  the  test  of  the  modules  in  our  lab,  and  deployed  instances  both  locally 
into  Dell  1950  servers  (2-CPU/8-core,  12GB  memory,  lots  of  disk)  connected  into  a 
switch,  then  to  our  network  operations  center  at  nFrame.  At  nFrame,  we  housed  two 
HP  servers,  a  DL580  (16-core,  32GB,  big  disk),  a  DL585  (16-core,  32GB,  big  disk)  and 
several  other,  smaller  servers  that  shared  a  Compellent  hefty  SAN  system  that  were  all 
interconnected  with  an  Extreme  switch. 

We  exercised  the  basic  functionality  of  each  module  against  our  Windows  Serv¬ 
ers,  and  VMware,  XenServer  and  KVM-based  hardware  using  both  Windows  7  virtual 
machines,  and  Lenovo  T520  notebooks  (2-core/i5  with  8GB  of  DRAM  and  300GB 
drives)  in  a  Gigabit  Ethernet  switched  Ethernet  environment. 
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Worry  free  warranty  =  Peace  of  mind* 


'This  is  the  first  time  I  specified  ICC  for  my  new  data  center  CAT  6 
cabling  plan.  To  my  pleasant  surprise,  every  port  passed  the 
test  with  high  margin.  My  cabling  cost  dropped  almost  20% 
compared  to  another  big  brand  I  used  the  last  time.  The  Elite 
Installer  even  worked  with  ICC  to  verify  and  provide  a  lifetime 
performance  warranty  —  very  cool."  -  Scott,  a  data  center  manager 

This  is  what  hundreds  of  IT  Managers  in  data  centers,  colleges  and 
enterprises  are  experiencing.  If  you  are  planning  to  upgrade  your  network, 
5  take  the  first  step:  Specify  ICC  and  ask  for  an  ICC  Certified  Elite  Installer! 

CM 

gi 

I;  888-ASK-4ICC  I  csr@icc.com  I  icc.com/nw 

O 

u 

®  *When  ICCs  jacks,  patch  panels  and  premise  cables  are  installed  together  and  tested  per  TIA  specification. 
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CLEAR  CHOICE  TEST:  SQL  SERVER  2012 

Microsoft  raises  bar  with  SQL  Server 

Business  intelligence  and  uptime  features  are  impressive,  but  beware  of  costs 


BYBARRYNANCE _ 

W  little  more  than  a  service- 

2012  version  of  Microsoft’s 

new  features  and  delivers  solid  performance 
improvements. 

Specifically,  SQL  Server  2012  offers  Busi¬ 
ness  Intelligence  to  help  companies  analyze 
business  data,  an  AlwaysOn  availability  and 
uptime  enhancement,  Contained  Databases 
for  managing  databases  as  a  group  and  a 
quick-query  tool  called  ColumnStore  Index. 

On  the  flip  side,  Microsoft’s  new  licens¬ 
ing  model  will  probably  cost  enterprises 
more  money.  And  database  administrators 
should  be  aware  that  taking  full  advantage 
of  these  new  features  will  require  additional 
network  bandwidth  and  will  impose  extra 
burdens  on  IT. 

SQL  Server  2012  comes  in  three  versions: 
Standard,  Business  Intelligence  and  Enter¬ 
prise,  with  most  of  the  new  features  reserved 
for  the  Enterprise  Edition.  And  Microsoft  has 
replaced  its  per-CPU  licensing  model  with  a 
per-core  model. 

For  earlier  SQL  Server  versions,  you 
bought  one  license  per  physical  processor 
regardless  of  how  many  CPU  cores  it  had.  If 
you  chose  your  server  hardware  smartly,  you 
could  buy  eight  CPU  cores  for  the  cost  of  one 
SQL  Server  license  and  save  enough  in  licens¬ 
ing  fees  to  pay  for  the  new  server.  To  license 
SQL  Server  2012  for  that  same  server,  you’ll 
need  eight  core  licenses.  The  new  core  license 
fees  are  less  than  the  previous  per-CPU  fees, 
but,  if  you  do  the  math,  Microsoft  has  con¬ 
spicuously  increased  SQL  Server’s  price. 

Rundown  of  the  new  features 

Business  Intelligence:  SQL  Server  2012’s 
Business  Intelligence  improvements  essen¬ 
tially  let  users  view  a  database  as  a  spread¬ 
sheet.  Users  can  program  sophisticated 
spreadsheet  formulas  and  reports  that  oper¬ 
ate  directly  on  database  contents. 

A  user  can,  for  example,  program  a  new 
database  report  via  these  spreadsheet  opera¬ 
tions  and  then  take  a  notebook  computer 
running  the  new  report  (and  connected  wire¬ 
lessly  to  the  database  server)  into  a  meeting. 
The  attendees  can  watch  the  report  update  in 
real  time  as  database  contents  change. 

Business  Intelligence  is  a  godsend  for 
companies  whose  corporate  policies  allow 
(or  encourage)  users  to  program  their  own 
spreadsheets.  However,  BI  is  anathema  for 


mm 
c« 

* 


companies  that  want  to  control  ad  hoc  manip¬ 
ulation  of  databases  —  and  the  decisions  that 
ensue  from  such  manipulation. 

In  companies  that  embrace  Business  Intel¬ 
ligence,  network  and  database  administra¬ 
tors  will  see  their  workloads  blossom.  As  we 
tested  Business  Intelligence  in  the  lab,  we  saw 
this  effect  firsthand.  Extrapolating  our  results 
across  a  large  company,  we  estimate  that  the 
unbridled  use  of  SQL  Server  2012’s  Business 
Intelligence  feature  will  likely  increase  admin¬ 
istrator  workloads  by  10%  to  25%. 

AlwaysOn:  Think  of  AlwaysOn  as  database 
mirroring  in  which  the  secondary  (substitute) 
server  can  be  an  active,  already-in-use  SQL 
Server  2012  instance.  The  secondary  server 
takes  up  the  slack  when  a  primary  instance 
fails.  Because  the  substitute  server  may  not 
have  the  horsepower  of  the  primary  server  and 
because  it’s  also  doing  other  work,  response 
times  may  slow  dramatically.  But  the  applica¬ 
tion  blithely  carries  on  without  suffering  an 
outage.  The  mirror  doesn’t  have  to  be  a  standby 
server  that  sits  idle  until  failover  time. 

Earlier  SQL  Server  versions  offered  essen¬ 
tially  two  approaches  to  high  availability. 
You  could  configure  SQL  Server  to  perform 
log  shipping,  which  instructed  the  failover 
server  to  replicate  the  primary  server,  or 
you  could  use  clustering  to  cause  a  standby 
server  to  assume  the  role  of  primary  server 
upon  failover. 

Both  approaches  have  their  limitations. 


Failing  over  an  individual  database  can  take 
time,  during  which  the  database  is  unavail¬ 
able.  Cluster-based  failover  is  costly  for  the 
extra  server(s)  that  does  no  work  until  the 
primary  server(s)  fails. 

SQL  Server  2012’s  AlwaysOn  feature  bor¬ 
rows  the  concept  of  Database  Availability 
Groups  from  Exchange  Server  2010.  Alway¬ 
sOn,  however,  implements  the  concept  with  a 
somewhat  different  architecture. 

Unfortunately,  AlwaysOn  uses  a  great  deal 
of  bandwidth.  In  tests  involving  50  clients 
feeding  an  Online  Transaction  Processing 
(OLTP)  SQL  Server  2012  database  with  an 
average  20  transactions  per  second,  Alway- 
sOn’s  data  replication  and  inter-server  coor¬ 
dination  more  than  doubled  network  utiliza¬ 
tion,  from  22%  to  47%. 

SQL  Server  2012  has  other  high  availabil¬ 
ity  enhancements.  For  the  many  applications 
that  access  multiple  databases  concurrently, 
SQL  Server  2012  offers  Availability  Groups. 
You  assign  multiple  databases  to  an  Avail¬ 
ability  Group  and,  when  a  server  dies,  all  the 
databases  fail  over  as  a  cohesive  unit. 

Availability  Groups  are  particidarly  use¬ 
ful  for  transferring  database  accesses  from  a 
primary  site  to  a  remote  site,  if  a  primary  site 
suffers  a  catastrophic  disaster.  You  can  also 
set  up  multiple  Availability  Group  assign¬ 
ments  for  a  single  SQL  Server  2012  instance. 

If  disaster  strikes,  AlwaysOn  will  divide 
up  the  database  retrievals  and  updates  across 
the  multiple  servers  you’ve  designated  in 
your  disaster  plan.  A  single  database  super¬ 
server  can  thus  fail  over  to  several  lesser- 
horsepower  machines.  Your  standby  servers 
don’t  have  to  be  expensive,  idle-most-of-the- 
time  copies  of  the  primary. 

The  Availability  Group  concept  worked 
well  in  the  lab.  When  we  “pulled  the  plug”  on 
a  database  server,  our  simulated  online  trans¬ 
action  processing  application  kept  running 
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Product 

SQL  Server  2012 

Company 

Microsoft 

Price 

Standard  Edition:  $1, 793/core,  or  $898/server  plus  $209/client 

Business  Intelligence:  $8, 592/server  plus  $209/client 

Enterprise  Edition:  $6, 874/core 

Pros 

SQL  Server  2012  is  faster,  offers  greater  availability/uptime 
and  makes  database  migration  simpler  and  easier 

Cons 

Business  Intelligence  could  create  workload  issues,  AlwaysOn 
increases  network  traffic  dramatically,  ColumnStore 

Indexes  are  read-only:  lacks  new  administrative  tools 
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CLEAR  CLEAR  CHOICE  TEST:  SQL  SERVER  2012 

CHOICE 

TESTj^ 


normally,  completely  unaware  that  it  was 
accessing  a  different  server. 

Note  that  you’ll  have  to  make  separate 
arrangements  for  the  application  itself  and 
for  any  other  system  components  and  data 
files  that  the  application  relies  on.  In  that  vein, 
be  aware  that  there  are  other  high  availability 
mechanisms  that  protect  more  than  just  the 
database  server.  For  example,  CA’s  ARCserve 
High  Availability  can  perform  sophisticated 
failovers  for  all  of  an  application’s  comput¬ 
ing  resources.  It  can  restart  a  crashed  back¬ 
ground  process  (i.e.,  Windows  Service),  if 
that’s  the  cause  of  the  problem.  And  it  offers 
push-button  failover  and  fallback  for  the 
highest  possible  level  of  availability,  plus 
bandwidth  tuning/throttling  and  data  com¬ 
pression  to  use  the  network  more  frugally. 

Another  convenient,  impressive  and  practi¬ 
cal  new  SQL  Server  2012  feature  is  replication 
to  a  read-only  secondary.  By  copying  database 
changes  to  the  read-only  secondary  in  a  way 
that  assures  the  integrity  of  related  database 
contents  in  the  secondary  database,  SQL 
Server  2012  makes  backing  up  an  active,  in- 
use  database  painless  and  quick  —  you  simply 
make  periodic  backup  copies  of  the  read-only 
secondary  database,  not  the  primary. 

If  the  read-only  secondary  is  on  a  separate 
server,  you  even  avoid  using  database  server 
CPU  and  memory  during  the  backup  pro¬ 
cess.  Furthermore,  read-only  secondaries 
become  excellent  candidates  as  the  basis  for 
data  analysis  and  reporting,  even  while  the 
primary  database  is  actively  in  use.  We  liked 
read-only  secondaries  a  lot. 

SQL  Server  2012’s  new  FileTable  concept 
was  somewhat  less  impressive,  but  only 
because  we  couldn’t  think  of  a  good,  practical 
use  for  it.  FileTable  associates  an  NTFS  file 
system  directory  with  a  database  table.  Any 
file  you  put  in  the  directory  appears  in  the 
database,  and  SQL  Server  2012  reflects  in  the 
database  any  changes  you  make  to  a  file. 

Backing  up  the  database  also  backs  up  files 
in  the  associated  directory.  If  you  have  ancil¬ 
lary  data  files  that  bear  a  critical  relationship 
to  the  contents  of  a  database  and  you  want  to 
back  up  the  database  plus  the  ancillary  files 
as  a  consistent  single  unit,  FileTable  may  be 
for  you. 

Contained  Databases:  Before  SQL  Server 
2012,  migrating  a  database  meant  much  more 
than  j  ust  copying  database  files.  You  also  had 
to  set  up  or  at  least  synchronize  database 
login  user  IDs,  ensure  that  collation  (i.e.,  the 
sort  order  to  be  used  for  each  character  set 
as  well  as  the  code  page  used  to  store  non- 
Unicode  character  data)  was  configured  the 
same  for  the  two  databases,  verify  compat¬ 
ibility  levels,  migrate  scheduled  jobs  and  do 
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Product 

SQL  Server  2012 

Features  (30%) 

5 

Performance  (40%) 

4 

Ease  of  Use  (20%) 

3 

Documentation  & 

4 

Installation  (10%) 

Total 

4.1 

Scoring  key:  5:  Exceptional; 

4:  Very  Good;  3:  Average;  2:  Below 
Average;  1:  Consistently  subpar 

other  tasks  to  manage  database-related  data 
not  stored  directly  in  the  database  files. 

SQL  Server  2012’s  Contained  Databases 
feature  makes  database  migration  a  bit  easier 
by  storing  the  collation  setting  and  the  data¬ 
base  login  user  IDs  within  the  database.  You 
no  longer  have  to  synchronize  database  login 
IDs  between  the  old  server  and  the  new  one. 
However,  you  still  have  to  worry  about  other 
database-related  configuration  steps,  such  as 
setting  up  scheduled  jobs  on  the  new  server. 

ColumnStore  Indexes:  SQL  Server  2012’s 
ColumnStore  Index  stores  data  for  columns 
you  designate  and  then  joins  those  database 
columns  to  give  a  read-only,  column-based 
index  into  the  data  (traditional  indexes  are 
row-oriented,  storing  data  for  each  row  and 
then  joining  those  rows  to  complete  the  index). 

Microsoft  claims  ColumnStore  Index 
speeds  up  data  retrieval  by  a  factor  of  10.  Our 
tests  confirmed  the  performance  gain,  exhib¬ 
iting  at  least  lOx  and  sometimes  much  faster 
(12x,  I5x  and  even  20x)  data  retrieval  speeds. 

The  big  drawback  to  ColumnStore  Indexes 
is  their  read-only  status,  which  makes  them 
useful  only  for  queries  in  data  warehouses 
with  huge  databases.  OLTP  databases  and 
ColumnStore  Indexes  are,  by  their  nature 
and  almost  by  definition,  mutually  exclusive. 

Even  in  a  data  warehouse  milieu,  frequently 
loading  new  data  into  read-only  tables  can  be 
quite  a  hassle.  Microsoft  describes  a  work¬ 
around  for  the  read-only  problem  by  having 
you  switch  out  table  partitions  in  your  data 
warehouse  tables.  If  you  are  desperate  for  bet¬ 
ter  performance,  the  workaround  might  be 
acceptable.  Alternatively,  you  might  opt  to  use 
SQL  Server  2012’s  read-only  secondary  fea¬ 
ture  to  manage  the  database  copies  you  use  for 
analysis  and  reporting. 

Speaking  of  indexes  —  SQL  Server  2012’s 
improvements  in  online  re-indexing  are  a  wel¬ 
come  relief  to  administrators  who  from  time  to 
time  have  to  re-index  a  database.  SQL  Server 


2005  touted  an  online  re-indexing  feature, 
but  the  earlier  version’s  fine  print  mentioned 
that  the  indexing  didn’t  work  for  all  data 
types  (the  problem  types  were  varchar(max), 
nvarchar(max),  varbinary(max)  and  XML). 
SQL  Server  2012  removes  the  restriction  so 
that  administrators  can  have  true  online  index 
maintenance  for  applications  that  are  sup¬ 
posed  to  be  online  and  available  24/7. 

We  don’t  want  to  appear  excessively  greedy, 
but  next  we’d  like  to  see  in  SQL  Server  an 
ability  to  re-index  individual  table  parti¬ 
tions  online.  We  have  a  few  other  issues,  as 
well.  Missing  from  SQL  Server  2012  is  any 
significant  use  of  PowerShell,  which  helps 
customers  automate  tasks  through  the  use  of 
commandlets.  Other  than  a  few  command- 
lets  for  AlwaysOn  and  some  backup/restore 
functions,  SQL  Server  2012  has  no  reliance 
on  PowerShell.  With  the  emphasis  Microsoft 
is  putting  on  PowerShell,  we  found  the  omis¬ 
sion  disappointing. 

Ironically,  the  SQL  Server  2012  installation 
process  uses  PowerShell.  As  with  virtually 
every  other  current  version  of  a  Microsoft 
server  product,  Windows  PowerShell  2.0  is 
a  requirement  for  deploying  SQL  Server  2012. 

We  were  also  disappointed  by  the  lack  of 
improvements  to  SQL  Server  Management 
Studio  (SSMS).  Yes,  Microsoft  has  given 
SSMS  a  Visual  Studio  2010  makeover,  which 
means  you  get  better  snippet  management 
as  well  as  integration  with  Team  Foundation 
Server,  but  SQL  Server  2012  offers  no  new 
DBA  management  tools.  For  instance,  we 
would  have  liked  to  have  seen  better  multi¬ 
server  management  and  reporting  features, 
as  well  as  some  use  of  PowerShell  in  SSMS. 

Conclusion 

SQL  Server  2012’s  many  new  features 
(some  of  which,  like  programming  language 
enhancements,  we  haven’t  even  touched  on) 
are  a  good  reason  to  upgrade.  There’s  some¬ 
thing  to  like  for  nearly  everyone.  Just  be 
aware  that  the  new  version  costs  more,  will 
likely  increase  administrator  workloads  and 
might  use  quite  a  bit  more  bandwidth  than 
earlier  SQL  Server  versions.  ■ 

Nance  runs  Network  Testing  Labs  and  is 
the  author  of  “ Introduction  to  Networking, 

4th  Edition"  and  “Client/Server  LAN 
Programming.”  His  email  address  is  barryn@ 
erols.com. 


©  Read  how  we  conducted 
our  test,  tinyurl.com/7528nju 
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Just  linking  could  get  you  10  years  in  jail 


SO  YOU  live  in  another  country,  say  some¬ 
where  in  Europe,  maybe,  oh  I  don’t  know, 
England.  In  your  perambulations  around 
the  Internet  you  find  a  load  of  stuff  that  interests  you  and  you  think 
“Hmmm,  other  people  might  be  interested  in  this,  I’ll  share  it  online.” 

You  build  a  website  that  just  lists  the  links ...  and  links  are  the  only 
thing  on  the  site ...  and  you  turn  it  loose. 

Next  thing  you  know,  your  domain  name 
is  seized  by  the  U.S.  Immigration  and  Cus¬ 
toms  Enforcement  (ICE)  and  the  various 
United  States  government  agencies  are  try¬ 
ing  to  extradite  you  so  you  can  be  prosecuted 
for  “violations  of  Federal  criminal  copyright 
infringement  laws,”  a  crime  that  could  send 
you  to  prison  for  10  years! 

Sounds  ridiculous?  Well,  that’s  exactly 
what  has  happened  to  Richard  O’Dwyer,  a 
24-year-old  British  citizen  who  is  a  student  at 
Sheffield  Hallam  University  in  England. 

In  2007  O’Dwyer  set  up  a  website,  TVShack 
.net,  listing  links,  nothing  else,  no  copyrighted 
materials  at  all,  and  included  the  disclaimer 
“TV  Shack  is  a  simple  resource  site.  All  content 
visible  on  this  site  is  located  at  3rd  party  web¬ 
sites.  TV  Shack  is  not  responsible  for  any  content  linked  to  or  referred 
from  these  pages.”  The  site  also  noted  that  it  was  hosted  in  Sweden. 

On  June  30, 2010,  ICE  seized  seven  domains,  including  O’Dwyer’s 
TVShack.net,  for  “violations  of  Federal  criminal  copyright  infringe¬ 
ment  laws”  and  alleged  the  sites  were  “involved  in  the  illegal  distribu¬ 
tion  of  copyrighted  movies  and  television  programs  over  the  Internet.” 

Particularly  telling  was  the  seized  sites  were  cited  as  “linking 
websites”  providing  “access  or  links  to  other  websites  where  pirated 


Richard  O'Dwyer  is  accused  by  U.S.  authorities 
of  “violations  of  Federal  criminal  copyright 
infringement  laws”  for  linking  to  sites  that  host 
pirated  TV  programs  and  movies. 


movies  and  television  programs  are  stored.”  In  essence,  the  charges  are 
for  linking.  Not  for  distributing  pirated  content,  but  for  simply  point¬ 
ing  to  another  site  where  pirated  material  might  be  found. 

What,  I  suspect,  made  The  Man  (“The  Man”  being  U.S.  authorities 
prodded  into  action  by,  no  surprise,  the  Motion  Picture  Association  of 
America)  go  after  O’Dwyer  was  that  he  was  making  money  from  adver¬ 
tising  on  his  site  (U.S.  authorities  claim  his  site 
earned  advertising  revenue  of  something  like 
$230,000  since  January  2008). 

What  is  totally  insane  about  the  infringe¬ 
ment  charge  is  O’Dwyer’s  site  was  just  a  list 
of  links ...  a  list  of  links  much  like  one  that  you 
might  get  from  Google,  Bing  or  Yahoo.  Will  any 
of  those  companies  be  hauled  into  court  for  the 
same  charge?  I  think  not. 

Should  O’  Dwyer  be  extradited  to  the  U.S.  (in 
March  this  year  the  U.K.  home  secretary  very 
unwisely  approved  extradition,  but  the  case 
is  currently  in  appeal)  and,  found  guilty,  the 
consequences  will  be  biblical.  Tweet  or  post  to 
Facebook  a  link  to  some  site  that  is  considered 
to  infringe  someone’s  copyright,  and  you  could 
find  yourself  and/or  your  company  liable. 

This  case  is  attracting  a  lot  of  attention  not 
just  because  of  the  potential  for  a  real  miscarriage  of  justice,  but  because 
it  will  have  a  profound  effect  on  free  speech  and  openness.  A  major  cam¬ 
paign  by  Demand  Progress  and  supported  by  Wikipedia  is  underway 
to  pressure  the  U.K.,  through  public  opinion,  to  not  allow  extradition. 

I  can’t  encourage  you  strongly  enough  to  sign  the  petition  ...  if 
O’Dwyer  is  prosecuted  and  found  guilty,  we  all  lose.  ■ 

Gibbs  is  in  Ventura,  Calif.  Voice  your  support  at  backspin@gibbs.com. 
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FTC  to  revisit  infuriating  robocallers 


WHILE  THERE  are  legal  measures  in  place 
to  stop  most  robocalls,  the  use  of  the  annoy¬ 
ing  automated  calling  process  seems  to  be 
on  the  rise.  Personally,  I  have  received  four  such  calls  in  the  past  48 
hours  —  two  from  some  company  looking  to  book  vacation  cruises. 
Curiously  that  one  uses  a  foghorn  to  answer  the  call  when  you  pick 
up  —  a  tactic  I  find  can  scare  the  crap  out  of  me  rather  than  intrigue 
me  into  staying  on  the  line. 

The  Federal  Trade  Commission,  which  defined  the  rules  that  out¬ 
lawed  most  robocalls  in  2009,  has  taken  notice  of  an  uptick  in  these 
maddening  calls,  and  on  Oct.  18  will  convene  a  summit  in  Washington, 
D.C.,  to  examine  the  issues  surrounding  what  even  it  called  the  grow¬ 
ing  robocall  problem. 

Accord  ing  to  the  FTC,  the  summit  will  be  open  to  the  public,  and  will 
include  members  of  law  enforcement,  the  telemarketing  and  telecom¬ 
munications  industry,  consumer  groups  and  the  general  public.  The 
summit  will  focus  on  exploring  what  the  FTC  calls  “innovations  that 
could  potentially  be  used  to  trace  robocalls,  prevent  wrongdoers  from 
faking  caller  ID  data,  and  stop  illegal  calls.” 

“The  FTC  hears  from  American  consumers  every  day  about  illegal 
robocalls  and  how  intrusive  they  are,”  said  FTC  Chairman  Jon  Leibow- 
itz  in  a  statement.  “We’re  ratcheting  up  our  efforts  to  stop  this  invasion 
of  consumers’  privacy.” 


The  agency,  which  says  it  has  stopped  billions  of  robocalls  in  the  past 
couple  of  years,  says  a  variety  of  technologies  are  making  it  easier  for 
telemarketers  to  skirt  or  at  least  try  to  get  around  the  law.  The  increased 
use  of  automated  phone  call  systems  that  just  blast  away  calls  without 
first  screening  the  Do  Not  Call  registry  is  one  of  the  main  enabling 
technologies.  The  ability  to  operate  such  systems  via  the  Internet  and 
hiding  or  spoofing  their  location  is  another  problem  the  FTC  says  is 
behind  the  increase. 

According  to  the  agency,  nearly  all  telemarketing  robocalls  have 
been  illegal  since  Sept.  1, 2009,  and  the  only  legal  sales  robocalls  are 
ones  that  consumers  have  stated  in  writing  that  they  want  to  receive. 
Certain  other  types  of  robocalls,  such  as  political  calls,  survey  calls  and 
charitable  calls  remain  legal,  and  are  not  covered  by  the  2009  ban. 

The  FTC  says  it  targets  high-volume  offenders  and  looks  for  “choke- 
points”  in  the  calling  process  to  stop  the  largest  number  of  illegal  calls. 
To  date,  the  FTC  says  it  has  brought  85  enforcement  cases  targeting 
illegal  robocalls,  and  violators  have  paid  $41  million  in  penalties. 
Indeed,  since  January  2010,  the  FTC  has  brought  law  enforcement 
actions,  shutting  down  the  companies  responsible  for  more  than  2.6 
billion  illegal  telemarketing  robocalls. 

It  seems  they  need  to  stop  about  5  billion  more  to  make  an  impact.  ■ 

Have  an  opinion?  Let  me  know:  mcooney@nww.com. 
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Building  the  engines  of  a  Smarter  Planet: 

Cyber  crime  is  inevitable. 

Becoming  a  victim  isn’t. 

On  a  smarter  planet,  midsize  businesses  are  more  intelligent  and  interconnected  than  ever  before.  Rapidly  emerging 
technologies  are  helping  businesses  innovate,  yet  these  technologies  also  present  their  own  risks.  With  record  levels 
of  security  breaches  reported  in  all  industries— across  the  globe  — antivirus  measures  and  firewalls  simply  can’t  provide 
sufficient  protection  against  ever-evolving  cyber  threats.  IBM  Hosted  Vulnerability  Management  Service  (VMS)  is  not  like 
other  security  solutions.  It  uses  the  same  methods  that  a  hacker  would  to  identify  your  company’s  security  risks  and  then 
outlines  specific  step-by-step  solutions.  Benefits  of  VMS  include: 


•■an 


Identifying  risks  before  hackers  do. 

IBM  VMS  remotely  scans  your  IT  infrastructure  on  a 
regular  basis,  pointing  out  potential  threats  and  outlining 
the  appropriate  solutions. 


Security  that  evolves  with  your  company. 

IBM  manages  VMS  through  the  cloud.  So  as  your 
company’s  workloads  become  more  complex,  VMS 
updates  automatically  and  requires  minimal  resources 
:  in  terms  of  staff,  hardware  and  software. 


Providing  the  confidence  to 
drive  your  business  forward. 

As  your  midsize  business  continues  to  leverage 
new  technology,  VMS  can  help  protect  your  IT 
infrastructure  from  ever-evolving  cyber  threats. 


To  receive  a  free  security  scan  for  your  company1 
and  find  the  right  IBM  Business  Partner,  call 

1-877-IBM-ACCESS  or  visit  ibm.com/engines/vms 


IBM  Hosted  Vulnerability  Management  Service 

Starting  at 

<t>  _J  /"N  /'"N  l~~  per  month 

$1,025 

for  unlimited  scanning  of  up  to  49  Web 
applications  or  IP  addresses. 


Midsize  businesses  are  the  engines  of  a  Smarter  Planet. 


\  «  / 


'  Offer  valid  one  per  company.  Prices  are  current  as  of  06/05/12,  valid  in  fhe  U.S.  only,  and  subject  to  change  without  notice.  Offerings  are  subject  to  change,  extension  or  withdrawal  without  notice.  Please  contact 
your  IBM  authorized  Business  Partner  or  IBM  representative  for  more  information.  All  rights  reserved.  IBM,  the  IBM  logo,  ibm.com,  Smarter  Planet  and  the  planet  icon  are  trademarks  of  International 
Business  Machines  Corp,  registered  in  many  jurisdictions  worldwide.  Other  product  and  service  names  might  be  trademarks  of  IBM  or  other  companies.  A  current  list  of  IBM  trademarks  is  available  on  the  Web  at 
www.ibm.com/legal/copytrade.shtml.  ©  International  Business  Machines  Corporation  2012. 
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THE  DATA  CENTER  IS  HERE 


Today,  more  than  ever,  business  efficiency  is 
determined  by  network  efficiency. That’s  why 
90  percent  of  the  Global  1000  rely  on  Brocade 
cloud-optimized  networks.  Using  Ethernet  fabric 
as  the  network  foundation, 


Brocade  eases  your  path  to  virtualization 


by  radically  simplifying  network  architectures. 

High  levels  of  automation  allow  seamless  mobility 
for  VMs  between  servers  so  applications  are 
always  available  regardless  of  where  they  are 
running.  Take  the  easier  path  to  virtualization. 

Learn  more  at  brocade.com/everywhere 


BROCADE 


©  2012  Brocade  Communications  Systems,  Inc.  All  rights  reserved 
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